WO2017193783A1 - Method and device for protecting user location information - Google Patents

Method and device for protecting user location information

Info

Publication number
WO2017193783A1
Authority
WO
WIPO (PCT)
Prior art keywords
area
anonymous
location
user
region
Application number
PCT/CN2017/081198
Inventor
侯洁
Original Assignee
北京京东尚科信息技术有限公司
北京京东世纪贸易有限公司
Application filed by 北京京东尚科信息技术有限公司, 北京京东世纪贸易有限公司


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421 Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/52 Network services specially adapted for the location of the user terminal

Definitions

  • the present application relates to the field of computer technologies, in particular to the field of Internet technologies, and more particularly to a method and apparatus for protecting user location information.
  • LBS: Location Based Service
  • the purpose of the present application is to propose an improved method and apparatus for protecting user location information to solve the technical problems mentioned in the background section above.
  • the present application provides a user location information protection method, the method comprising: acquiring a map and location information of a user terminal, wherein the map is divided into hierarchical regions and supports a regional index, a high-level area covers a plurality of lower-level areas, and a lowest-level area contains a geographic information point; finding in the map, as an anonymous area, the smallest area that satisfies the following conditions: the location of the user terminal is located in the area, the area includes at least a first number of users, the area includes at least a second number of different geographic information points, the area of the region does not exceed a preset area threshold, and the semantics of the region are safe, wherein the semantics of the region is secure.
  • the method further includes pre-processing the map, including: covering each geographic information point in the map with a minimum bounding rectangle, and calculating the Hilbert value of the center of each minimum bounding rectangle as the Hilbert value of that minimum bounding rectangle; constructing a Hilbert R-tree for the map using the Hilbert values; obtaining, from a third-party data source, one or more tags describing the location features of the region contained in each minimum bounding rectangle in the Hilbert R-tree, to represent the location category of the region; calculating, for the region contained in each minimum bounding rectangle in the Hilbert R-tree, the region sensitivity for each location category; and storing the region sensitivity in the corresponding leaf node of the Hilbert R-tree; wherein the calculation of the region sensitivity comprises: placing all tags in the region related to the location category into a tag set; calculating, by conditional entropy, the contribution of any tag or combination of tags in the tag set in determining the location category; calculating that all locations in the region have Determining the
  • the semantics of the region is safe when the region sensitivity is greater than a predetermined region sensitivity threshold.
  • the finding, in the map, of an area that satisfies the following conditions (the location of the user terminal is located in the area, the area includes at least a first number of users, the area includes at least a second number of different geographic information points, the area of the area does not exceed a preset area threshold, and the semantics of the area is secure) includes: finding an area in the map that satisfies the following conditions as a candidate anonymous area: the location of the user terminal is located in the area, the area includes at least a second number of different geographic information points, the area of the area does not exceed the preset area threshold, and the semantics of the area are secure; searching near the location of the user terminal for the first number minus one users having the same anonymous area as the candidate anonymous area; if they are found, anonymity succeeds and the candidate anonymous area is the final anonymous area; if they are not found, the upper-layer area of the candidate area is selected as a new candidate area, and the discovery operation for the first number minus one neighboring users
  • the finding, near the location of the user terminal, of the first number minus one users having the same anonymous area as the candidate anonymous area comprises: discovering, by single-hop or multi-hop communication, neighboring users having the same candidate anonymous area to form a successfully anonymized anonymous group; broadcasting an anonymity success message to all users in the anonymous group; the users in the anonymous group use the candidate anonymous area in place of their real locations to initiate a service request to the service provider that provides services according to location, and after the service request is successfully processed, the anonymous group is dissolved.
  • the discovering, by single-hop or multi-hop communication, of neighboring users having the same candidate anonymous area to form a successfully anonymized anonymous group includes: broadcasting a node discovery message, where the node discovery message includes: an anonymous group number, the candidate anonymous area, the number of anonymous group users, and the message broadcast hop count; receiving a response message from the neighboring users, where the response message includes: a set of neighbor nodes having the same candidate anonymous area; placing the received set of neighbor nodes into a set of discovered nodes, and checking whether the largest number of anonymous group users among all neighbor nodes in the set of neighbor nodes is greater than the number of anonymous group users in the node discovery message; if so, updating the number of anonymous group users in the node discovery message to the largest number of anonymous group users among the neighbor nodes; checking whether the number of discovered nodes reaches the largest number of anonymous group users among the neighbor nodes minus one; if it does, anonymity succeeds; if not, comparing the set of neighbor nodes with the set of discovered nodes; if the two sets are the same, anonymity fails and an anonymity failure message is sent within the anonymous group; if they are different, the message broadcast hop count is incremented by one and the node discovery message continues to be broadcast while waiting for a response.
  • the present application provides a user location information protection apparatus, where the apparatus includes: an acquisition unit configured to acquire a map and location information of a user terminal, wherein the map is divided into hierarchical regions and supports a regional index, a high-level area covers a plurality of lower-level areas, and a lowest-level area contains a geographic information point; and an anonymous unit configured to find a minimum area in the map that satisfies the following conditions as an anonymous area:
  • the location of the user terminal is located in the area, and the area includes at least a first number of users, and the area includes at least a second number of different geographic information points, and the area of the area does not exceed a preset area threshold, and the semantics of the area are secure.
  • the semantics of the area is safe, meaning that the attacker cannot infer the personal information of the user from the location information of the user terminal; the requesting unit is configured to replace the real location of the user terminal with the anonymous area.
  • the apparatus further includes a map pre-processing unit configured to: cover each geographic information point in the map with a minimum bounding rectangle, and calculate the Hilbert value of the center of each minimum bounding rectangle as the Hilbert value of that minimum bounding rectangle; construct a Hilbert R-tree for the map using the Hilbert values; obtain, from a third-party data source, one or more labels describing the location features of the region contained in each minimum bounding rectangle in the Hilbert R-tree, to represent the location category of the region; calculate, for the region contained in each minimum bounding rectangle in the Hilbert R-tree, the regional sensitivity for each location category; store the regional sensitivity in the corresponding leaf node of the Hilbert R-tree; wherein the calculation of the regional sensitivity comprises: placing all tags in the region associated with the location category into a tag set; using conditional entropy to calculate the contribution of any tag or combination of tags in the tag set to determining the location category; All locations in the region have a probability
  • the semantics of the region is safe when the region sensitivity is greater than a predetermined region sensitivity threshold.
  • the anonymous unit is further configured to: find, in the map, an area that satisfies the following conditions as a candidate anonymous area: the location of the user terminal is located in the area, the area includes at least a second number of different geographic information points, the area of the area does not exceed a preset area threshold, and the semantics of the area are safe; search near the location of the user terminal for the first number minus one users having the same anonymous area as the candidate anonymous area; if they are found, anonymity succeeds and the candidate anonymous area is the final anonymous area; if they are not found, select the upper-layer area of the candidate area as the new candidate area and repeat the discovery operation for the first number minus one neighboring users until anonymity succeeds or the candidate anonymous area reaches the preset area threshold.
  • the anonymous unit is further configured to: discover, by single-hop or multi-hop communication, neighboring users having the same candidate anonymous area to form a successfully anonymized anonymous group; broadcast an anonymity success message to all users in the anonymous group; the users in the anonymous group use the candidate anonymous area in place of their real locations to initiate a service request to the service provider that provides services according to location, and after the service request is successfully processed, the anonymous group is dissolved.
  • the anonymous unit is further configured to: broadcast a node discovery message, where the node discovery message includes: an anonymous group number, a candidate anonymous area, the number of anonymous group users, and a message broadcast hop count; and receive a response message from the neighboring users.
  • the response message includes: a set of neighbor nodes having the same candidate anonymous region; the received set of neighbor nodes is placed into a set of discovered nodes, and it is checked whether the largest number of anonymous group users among all neighbor nodes in the set of neighbor nodes is greater than the number of anonymous group users in the node discovery message; if so, the number of anonymous group users in the node discovery message is updated to the largest number of anonymous group users among the neighbor nodes; it is then checked whether the number of discovered nodes reaches the largest number of anonymous group users among the neighbor nodes minus one; if it does, anonymity succeeds; if not, the set of neighbor nodes is compared with the set of discovered nodes, and if the two sets are the same, anonymity fails and an anonymity failure message is sent within the anonymous group
  • the user location information protection method and apparatus provided by the application form an anonymous area through cooperation among the users in the area, use the anonymous area in place of the user's real location to initiate a location-based service request, and select, from the set of service query results for the anonymous area returned by the service provider, the service query result that matches the user's real information, which effectively protects the user's real location information and prevents the user's sensitive information and behavior from being leaked.
  • FIG. 1 is an exemplary system architecture diagram to which the present application can be applied;
  • FIG. 2 is a flow chart of one embodiment of a method for protecting user location information according to the present application
  • FIG. 3 is a schematic diagram of an application scenario of a method for protecting user location information according to the present application
  • FIG. 4 is a flow chart of still another embodiment of a method for protecting user location information according to the present application.
  • FIG. 5 is a schematic structural diagram of an embodiment of a user location information protection apparatus according to the present application.
  • FIG. 6 is a schematic structural diagram of a computer system suitable for implementing a terminal device or a server of an embodiment of the present application.
  • FIG. 1 illustrates an exemplary system architecture 100 of an embodiment of a user location information protection method or user location information protection device to which the present application may be applied.
  • system architecture 100 can include terminal devices 101, 102, 103, network 104, and server 105.
  • the network 104 is used to provide a medium for communication links between the terminal devices 101, 102, 103 and the server 105.
  • Network 104 may include various types of connections, such as wired, wireless communication links, fiber optic cables, and the like.
  • the user can interact with the server 105 over the network 104 using the terminal devices 101, 102, 103 to receive or transmit messages and the like.
  • Various location service-based client applications such as a web browser application, a shopping application, a search application, an instant communication tool, a mailbox client, a social platform software, and the like, may be installed on the terminal devices 101, 102, and 103.
  • the terminal devices 101, 102, 103 may be various electronic devices having a display screen and supporting location-based services, including but not limited to smart phones, tablets, e-book readers, MP3 (Moving Picture Experts Group Audio Layer III) players, MP4 (Moving Picture Experts Group Audio Layer IV) players, laptop computers, desktop computers, and the like.
  • Server 105 may be a server that provides various services, such as a background server that provides support for location-based services of terminal devices 101, 102, 103.
  • the background server may perform processing such as analyzing the received location-based service request and the like, and feed back the processing result (for example, restaurant query result data) to the terminal device.
  • the user location information protection method provided by the embodiment of the present application is generally performed by the terminal devices 101, 102, and 103. Accordingly, the user location information protection device is generally disposed in the terminal devices 101, 102, and 103.
  • the number of terminal devices, networks, and servers in Figure 1 is merely illustrative. Depending on the implementation needs, there can be any number of terminal devices, networks, and servers.
  • the user location information protection method includes the following steps:
  • Step 201 Obtain the map and the location information of the user terminal.
  • the electronic device on which the user location information protection method operates can acquire the preprocessed map from a background server (for example, the server 105 shown in FIG. 1) by a wired or wireless connection, and acquire the location information of the user terminal through the positioning device.
  • the map is divided into hierarchical regions and supports a regional index. A high-level region covers multiple lower-level regions, and a lowest-level region contains a geographic information point.
  • the user location information protection method further includes: preprocessing the map, including: covering each geographic information point in the map with a minimum bounding rectangle, and calculating the Hilbert value of the center of each minimum bounding rectangle as the Hilbert value of that minimum bounding rectangle; constructing a Hilbert R-tree for the map using the Hilbert values; obtaining, from a third-party data source, one or more labels describing the location features of the region contained in each minimum bounding rectangle in the Hilbert R-tree, to represent the location category of the region; calculating, for the region contained in each minimum bounding rectangle in the Hilbert R-tree, the area sensitivity for each location category; storing the area sensitivity in the corresponding leaf node of the Hilbert R-tree; wherein the calculation of the area sensitivity comprises: placing all tags in the area related to the location category into a tag set; using conditional entropy to calculate the contribution of any tag or combinations of tags in the tag set
  • constructing a Hilbert R-tree for the map includes: covering each geographic information point in the map with an MBR (Minimal Bounding Rectangle), and calculating the Hilbert value of the center of each MBR as the Hilbert value of that MBR; all MBRs are sorted in ascending order according to their Hilbert values, and they are divided into [
  • the semantics of the region is safe when the region sensitivity is greater than a preset region sensitivity threshold.
  • Step 202 Find a minimum area in the map that satisfies the anonymous condition as an anonymous area.
  • the anonymity condition of the area is: the location of the user terminal is located in the area, the area includes at least a first number of users, the area includes at least a second number of different geographic information points, the area of the area does not exceed the area threshold, and the semantics of the area are safe.
  • the semantics of the area is safe, that is, the area hides the location information of the user terminal.
  • the condition that the anonymous area of the user terminal is to satisfy is that the area includes the geographic information point of the location of the user terminal, the area includes at least six users, the area includes at least 10 different geographic information points, the area of the area does not exceed the preset area threshold of 1 square kilometer, and the semantics of the area is safe, that is, the location information of the user terminal is hidden.
  • the semantics of a location implies the behavioral patterns of the users active at it and is related to a specific location category. For example, if a place is usually visited during mealtimes, we can infer that it is a restaurant; and if a place is usually visited in the middle of the night, we can infer that it is a place of entertainment. Therefore, location semantics is a functional description of the location. These descriptions are related to information such as time characteristics, user behavior, and the surrounding environment.
  • the semantics of the location are described by a series of labels used by different users to describe the location function and features for the same location.
  • a tag to be associated with a location category if and only if there is at least one location in all of the locations that belong to the category.
  • Step 203 Substituting the anonymous area for the real location of the user terminal to send a service request to the service provider for providing the service according to the location.
  • the user does not use his own real location when sending the location-based service request, but instead uses an anonymous area containing the real location, which can hide the user's real location and protect the user's privacy.
  • for example, when a user asks a review website for the most popular restaurants in Xidan Joy City, the terminal finds an anonymous area according to step 202, and the anonymous area also includes several other nearby shopping malls. The terminal then uses the anonymous area as the user's real location and asks the review website for the most popular restaurants in the anonymous area.
  • Step 204 Select a service query result that matches location information of the user terminal from a service query result set based on each geographic information point in the anonymous area returned by the service provider for providing the service according to the location.
  • the service provider providing the service returns a plurality of service query results, and the terminal selects the service query result that matches the location information of the user terminal. For example, in step 203, the user uses the anonymous area as the user's real location to request the most popular restaurants in the anonymous area, and the returned query results include results not only for Joy City but also for locations such as Juntai Department Store and Xidan Shopping Center; the terminal selects the restaurants near the real location, Joy City, as the final query result.
  • FIG. 3 is a schematic diagram of an application scenario of the user location information protection method according to the embodiment.
  • the terminal 301 first detects whether the latest version of the map has been acquired from the LBS server, and if not, downloads it immediately. On this basis, the terminal 301 finds the area 308 satisfying the anonymous condition as an anonymous area in the map, and sends the area 308 together with the request for finding a nearby restaurant to the LBS server 307, and the LBS server 307 transmits the result set of the query to the terminal 301.
  • the result set of the query includes results obtained based on the location queries of the terminals 302, 303, 304, 305, 306 in addition to the results of the location query based on the terminal 301.
  • the terminal selects the result of the location query based on the terminal 301 from the query result set.
  • the method provided by the above embodiment of the present application effectively protects the real location information of the user by using the anonymous area instead of the real location of the user to send the LBS request to the LBS service provider, thereby preventing leakage of sensitive information and behavior of the user.
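The area search of step 202 and the result selection of step 204 can be sketched as follows. This is an added example, not code from the patent: the `Region` class, the function names, the coordinates, user positions, sensitivity values and restaurant names are constructed for illustration, and it assumes the terminal can count the users inside a region.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Region:
    """One node of the hierarchical map index (coordinates in km)."""
    name: str
    bbox: tuple                       # (min_x, min_y, max_x, max_y)
    sensitivity: float                # precomputed during map pre-processing
    parent: Optional["Region"] = None

    def contains(self, point):
        x, y = point
        min_x, min_y, max_x, max_y = self.bbox
        return min_x <= x <= max_x and min_y <= y <= max_y

    def area(self):
        min_x, min_y, max_x, max_y = self.bbox
        return (max_x - min_x) * (max_y - min_y)


def find_anonymous_area(leaf, position, users, pois,
                        min_users, min_pois, max_area, min_sensitivity):
    """Walk from the lowest-level region upwards and return the smallest
    region meeting every anonymity condition, or None if none qualifies."""
    region = leaf
    while region is not None:
        if not region.contains(position):
            raise ValueError("region chain must contain the terminal position")
        if region.area() > max_area:
            return None               # every ancestor is larger still
        user_count = sum(region.contains(u) for u in users)
        poi_names = {n for n, x, y in pois if region.contains((x, y))}
        # The page treats a region as semantically safe when its stored
        # sensitivity is greater than the preset threshold.
        safe = region.sensitivity > min_sensitivity
        if user_count >= min_users and len(poi_names) >= min_pois and safe:
            return region
        region = region.parent
    return None


def build_request(region, query):
    """Step 203: the request carries the region, never the exact position."""
    return {"query": query, "area": region.bbox}


def select_result(result_set, true_poi):
    """Step 204: keep only the answer for the POI the user is really at."""
    return result_set.get(true_poi, [])


# Constructed sample map: mall < block < district < city.
CITY = Region("city", (0.0, 0.0, 3.0, 3.0), 0.8)
DISTRICT = Region("district", (0.0, 0.0, 0.9, 0.9), 0.8, CITY)
BLOCK = Region("block", (0.0, 0.0, 0.6, 0.6), 0.8, DISTRICT)
MALL = Region("mall", (0.0, 0.0, 0.2, 0.2), 0.8, BLOCK)

ME = (0.1, 0.1)                       # real position, kept on the terminal
USERS = [ME, (0.3, 0.3), (0.4, 0.4), (0.5, 0.5), (0.2, 0.5), (0.55, 0.1)]
POIS = [("Joy City", 0.1, 0.1), ("Juntai Department Store", 0.3, 0.3),
        ("Xidan Shopping Center", 0.4, 0.5), ("POI-4", 0.5, 0.2),
        ("POI-5", 0.7, 0.1), ("POI-6", 0.8, 0.2), ("POI-7", 0.7, 0.7),
        ("POI-8", 0.65, 0.4), ("POI-9", 0.2, 0.8), ("POI-10", 0.85, 0.85)]
RESULTS = {"Joy City": ["Restaurant A"],
           "Juntai Department Store": ["Restaurant B"],
           "Xidan Shopping Center": ["Restaurant C"]}

if __name__ == "__main__":
    area = find_anonymous_area(MALL, ME, USERS, POIS, 6, 10, 1.0, 0.5)
    print(area.name, build_request(area, "most popular restaurant"))
    print(select_result(RESULTS, "Joy City"))
```

With the page's thresholds (six users, 10 geographic information points, 1 square kilometer) the block is rejected for holding only four points, so the district becomes the anonymous area.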
  • the process 400 of the user location information protection method includes the following steps:
  • Step 401 Obtain the map and the location information of the user terminal.
  • the electronic device on which the user location information protection method runs may acquire the preprocessed map from a background server (for example, the server 105 shown in FIG. 1) by a wired or wireless connection, and acquire location information of the user terminal through the positioning device.
  • the map is divided into hierarchical regions and supports regional indexes. A high-level region covers multiple lower-level regions, and a lowest-level region contains a geographic information point.
  • Step 402 Find a minimum area in the map that satisfies the anonymous condition as an anonymous area.
  • the anonymity condition of the area is: the location of the user terminal is located in the area, the area includes at least a second number of different geographic information points, and the area of the area does not exceed a preset area threshold, and the semantics of the area are secure.
  • the condition that the anonymous area of the user terminal is to be satisfied is that the area includes a geographic information point of the location of the user terminal, and the area includes at least 10 different geographic information points, and the area of the area does not exceed a preset area threshold of 1 square kilometer.
  • the semantics of the area are secure, that is, the location information of the user terminal is hidden.
  • Step 403 Determine whether the first number minus one users having the same anonymous area as the candidate anonymous area are found.
  • the anonymous area needs to have a first number of users, so it is necessary to additionally find the first number minus one user having the same anonymous area as the candidate anonymous area. For example, after performing step 402, five users of the same anonymous area as the candidate anonymous area are sought in the candidate anonymous area.
  • the neighboring users having the same candidate anonymous area are found by single-hop or multi-hop communication to form a successfully anonymized anonymous group; an anonymity success message is broadcast to all users within the anonymous group; the users in the anonymous group use the candidate anonymous area instead of their real locations to initiate a service request to a service provider for providing a service according to the location, and after the service request is successfully processed, the anonymous group is dissolved.
  • finding the neighboring users having the same candidate anonymous area by single-hop or multi-hop communication to form a successfully anonymized anonymous group includes: broadcasting a node discovery message, where the node discovery message includes: an anonymous group number, the candidate anonymous area, the number of anonymous group users, and the message broadcast hop count; receiving a response message from the neighboring users, where the response message includes: a set of neighbor nodes having the same candidate anonymous area; placing the received set of neighbor nodes into the set of discovered nodes, and checking whether the largest number of anonymous group users among all neighbor nodes in the set of neighbor nodes is greater than the number of anonymous group users in the node discovery message; if it is greater, the number of anonymous group users in the node discovery message is updated to the largest number of anonymous group users among the neighbor nodes; checking whether the number of discovered nodes reaches the largest number of anonymous group users among the neighbor nodes minus one; if it does, anonymity succeeds; if not, the set of neighbor nodes is compared with the set of discovered nodes; if the two sets are the same, anonymity fails and an anonymity failure message is sent within the anonymous group; if they are different, the message broadcast hop count is incremented by one and the node discovery message continues to be broadcast while waiting for a response. For example, user S needs to find four users who have the same anonymous area as it does.
  • in the response messages received from neighboring users, user A needs six users with the same anonymous area.
  • User B needs 4 users with the same anonymous area.
  • User C needs 5 users with the same anonymous area.
  • User D needs 5 users with the same anonymous area.
  • the message broadcast hop count is incremented by one to broadcast the node discovery message again, and the user A, the user B, the user C, and the user D determine the message after receiving the node discovery message.
  • the message broadcast hop count is 2
  • the message broadcast hop count is decremented by 1
  • the node discovery message of the message broadcast hop count of 1 is continuously broadcast to other users, and the user E and the user F determine the self after receiving the node discovery message.
  • the broadcast is not continued to other users, but the node discovery message is received in response.
  • User A, User B, User C, and User D send the responses of User E and User F, together with their own, to User S.
  • the candidate anonymous area is the final anonymous area.
  • if the first number minus one users having the same anonymous area as the candidate anonymous area are found in step 403, the candidate anonymous area is the final anonymous area, and the process continues with steps 406 and 407.
  • Step 405 Select the upper-layer area of the candidate area as a new candidate area.
  • the upper-layer area of the candidate area is selected as the new candidate area, and the discovery operation for the first number minus one neighboring users is repeated until anonymity succeeds or the area of the candidate anonymous area reaches the preset area threshold. For example, if only four users with the same anonymous area as the candidate anonymous area are found in step 403, the search range is expanded to the upper-layer area of the candidate area and the search is repeated until five users with the same anonymous area are found or the area of the anonymous area reaches the preset area threshold of 1 square kilometer.
  • Step 406 replacing the real location of the user terminal with the anonymous area to send a service request to the service provider for providing the service according to the location.
  • Similar to step 203, and therefore will not be described again.
  • Step 407 Select a service query result that matches location information of the user terminal from a service query result set based on each geographic information point in the anonymous area returned by the service provider for providing the service according to the location.
  • step 204 Similar to step 204, and therefore will not be described again.
  • the flow 400 of the user location information protection method in this embodiment highlights the step of finding a user having the same anonymous area as the candidate anonymous area, as compared to the embodiment corresponding to FIG.
  • the solution described in this embodiment can find an anonymous area that enables multiple users to satisfy the anonymous condition, thereby achieving more comprehensive protection of user location information.
  • the present application provides an embodiment of a user location information protection apparatus, and the apparatus embodiment corresponds to the method embodiment shown in FIG. It can be specifically applied to various electronic devices.
  • the user location information protection apparatus 500 described in this embodiment includes: an obtaining unit 501, an anonymizing unit 502, a requesting unit 503, and a selecting unit 504.
  • the acquiring unit 501 is configured to acquire a map and location information of the user terminal, where the map is divided into hierarchical regions and supports regional indexing, a high-level region covers multiple lower-level regions, and a lowest-level region contains one geographic information point;
  • the anonymous unit 502 is configured to find the minimum area in the map that satisfies the following conditions: the location of the user terminal is located in the area, the area includes at least a first number of users, the area includes at least a second number of different geographic information points, the area of the area does not exceed a preset area threshold, and the semantics of the area are safe, meaning that the attacker cannot infer the personal information of the user from the location information of the user terminal;
  • the requesting unit 503 is configured to use the anonymous area to replace the real location of the user terminal to send a service request to a service provider for providing a service according to the location;
  • the selecting unit 504 is configured to select, from the set of service query results returned by the service provider that provides services according to location, based on each geographic information point in the anonymous area, a service query result that matches the location information of the user terminal.
  • the obtaining unit 501 of the user location information protection apparatus 500 can acquire the preprocessed map from a background server (for example, the server 105 shown in FIG. 1) by a wired connection method or a wireless connection manner.
  • the request unit 503 of the user location information protection apparatus 500 may send a location-based service request to a background server (for example, the server 105 shown in FIG. 1) by a wired or wireless connection, using in the request the anonymous area generated by the anonymous unit 502 in place of the real location of the user.
  • the selecting unit 504 of the user location information protection apparatus 500 may receive a query result set of the location-based service from the background server, and find a query result that matches the real location of the user from the query result set.
  • the user location information protection apparatus further includes a map pre-processing unit, where the map pre-processing unit is configured to: cover each geographic information point in the map with a minimum bounding rectangle, calculate the Hilbert value of the center of each minimum bounding rectangle as the Hilbert value of that rectangle, and construct a Hilbert R-tree with the Hilbert values; obtain, from a third-party data source, one or more tags describing the location features of the area included in each minimum bounding rectangle in the Hilbert R-tree, to represent the location category of the area; calculate the area sensitivity, for each location category, of the area included in each minimum bounding rectangle in the Hilbert R-tree; and store the area sensitivity in the corresponding leaf node of the Hilbert R-tree; wherein the calculation of the area sensitivity comprises: placing all tags in the area associated with the location category into a tag set, and using conditional entropy to calculate the contribution of any tag or combination of tags in the tag set to determining the location category.
  • the semantics of the region is safe when the region sensitivity is greater than a preset region sensitivity threshold.
  • the anonymous unit 502 in the user location information protection apparatus is further configured to: find, in the map, an area that satisfies the following conditions as a candidate anonymous area: the location of the user terminal is located in the area, the area includes at least a second number of different geographic information points, the area of the area does not exceed a preset area threshold, and the semantics of the area are secure; and search near the location of the user terminal for the first number minus one users having the same anonymous area as the candidate anonymous area; if they are found, anonymization succeeds and the candidate anonymous area is the final anonymous area; if not, the upper-layer area of the candidate area is selected as the new candidate area and the discovery operation for the first number minus one neighbor users is repeated until anonymization succeeds or the area of the candidate anonymous area reaches the preset area threshold.
  • the anonymous unit 502 in the user location information protection apparatus is further configured to: discover neighboring users with the same candidate anonymous area by single-hop or multi-hop communication to form a successfully anonymized anonymous group; broadcast the anonymization-success message to all users in the anonymous group; the users in the anonymous group use the candidate anonymous area instead of their real locations to initiate a service request to the service provider that provides services according to location, and after the service request is processed successfully, the anonymous group is dissolved.
  • the anonymous unit 502 in the user location information protection apparatus is further configured to: broadcast a node discovery message, where the node discovery message includes: an anonymous group number, a candidate anonymous area, the number of anonymous group users, and the message broadcast hop count; compare whether the number of discovered nodes reaches the maximum number of anonymous group users among the neighbor nodes minus one; if it does, anonymization succeeds; if not, the neighbor node set is compared with the set of discovered nodes: if the two sets are the same, anonymization fails and an anonymization-failure message is sent within the anonymous group; if they differ, the message broadcast hop count is incremented by 1, the node discovery message is broadcast again, and a response is awaited.
  • FIG. 6 shows a schematic structural diagram of a computer system 600 suitable for implementing a terminal device or server of the embodiments of the present application.
  • computer system 600 includes a central processing unit (CPU) 601 that can perform various appropriate actions and processes according to a program stored in read only memory (ROM) 602 or a program loaded from storage portion 608 into random access memory (RAM) 603.
  • various programs and data required for the operation of the system 600 are also stored.
  • the CPU 601, the ROM 602, and the RAM 603 are connected to each other through a bus 604.
  • An input/output (I/O) interface 605 is also coupled to bus 604.
  • the following components are connected to the I/O interface 605: an input portion 606 including a keyboard, a mouse, etc.; an output portion 607 including a liquid crystal display (LCD) or the like, a speaker, etc.; a storage portion 608 including a hard disk or the like; and a communication portion 609 including a network interface card such as a LAN card or a modem. The communication portion 609 performs communication processing via a network such as the Internet.
  • A drive 610 is also coupled to I/O interface 605 as needed.
  • a removable medium 611 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory or the like, is mounted on the drive 610 as needed so that a computer program read therefrom is installed into the storage portion 608 as needed.
  • an embodiment of the present disclosure includes a computer program product comprising a computer program tangibly embodied on a machine readable medium, the computer program comprising program code for executing the method illustrated in the flowchart.
  • the computer program can be downloaded and installed from the network via communication portion 609, and/or installed from removable media 611.
  • the central processing unit (CPU) 601 the above-described functions defined in the method of the present application are performed.
  • each block of the flowchart or block diagrams can represent a module, a program segment, or a portion of code that includes one or more executable instructions for implementing the specified logic function.
  • the functions noted in the blocks can also occur in a different order than that illustrated in the drawings. For example, two successively represented blocks may in fact be executed substantially in parallel, and they may sometimes be executed in the reverse order, depending upon the functionality involved.
  • each block of the block diagrams and/or flowcharts, and combinations of blocks in the block diagrams and/or flowcharts, can be implemented by a dedicated hardware-based system that performs the specified function or operation, or by a combination of dedicated hardware and computer instructions.
  • the units involved in the embodiments of the present application may be implemented by software or by hardware.
  • the described unit may also be provided in the processor, for example, as a processor including an acquisition unit, an anonymous unit, a request unit, and a selection unit.
  • the names of these units do not constitute a limitation on the unit itself in some cases.
  • the acquisition unit may also be described as “a unit that acquires location information of the map and the user terminal”.
  • the present application further provides a non-volatile computer storage medium, which may be the non-volatile computer storage medium included in the apparatus described in the foregoing embodiments, or may be a non-volatile computer storage medium that exists alone and is not assembled into the terminal.
  • the non-volatile computer storage medium stores one or more programs that, when executed by a device, cause the device to: acquire a map and location information of the user terminal, wherein the map is divided into hierarchical regions and supports regional indexing, a high-level region covers multiple lower-level regions, and a lowest-level region contains one geographic information point; find, in the map, the minimum area that satisfies the following conditions as the anonymous area: the location of the user terminal is located in the area, the area includes at least a first number of users, the area includes at least a second number of different geographic information points, the area of the area does not exceed a preset area threshold, and the semantics of the area are secure, where the semantics of the area being secure means that the area hides the location information of the user terminal; replace the real location of the user terminal with the anonymous area and send a service request to the service provider that provides services according to location; and select, from the set of service query results returned by that service provider based on each geographic information point in the anonymous area, a service query result that matches the location information of the user terminal.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephonic Communication Services (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

Disclosed are a method and device for protecting user location information. One particular embodiment of the method comprises: acquiring a map and location information about a user terminal; finding out the smallest region satisfying the following conditions in the map to serve as an anonymous region: the location of the user terminal is located in the region, the region at least contains a first number of users, the region at least contains a second number of different geographical information points, the area of the region does not exceed a pre-set area threshold value, and the semantics of the region are secure; using the anonymous region to replace a real location of the user terminal to send a service request to a service provider for providing a service according to a location; and selecting, from a set of service query results based on various geographical information points in the anonymous region and returned by the service provider for providing a service according to a location, a service query result satisfying the location information about the user terminal. The embodiment guarantees the privacy security of a user in a location-based service.

Description

User location information protection method and device
Cross-reference to related applications
This application claims priority to Chinese Patent Application No. 201610305989.6, filed on May 10, 2016, the entire content of which is incorporated into this application as a whole.
Technical field
This application relates to the field of computer technology, specifically to the field of Internet technology, and in particular to a method and device for protecting user location information.
Background
In recent years, with the widespread use of mobile devices of all kinds and the rapid development of sensing, positioning, and wireless communication technologies, location-based services (Location Based Service, LBS) have become increasingly popular. LBS applications keep emerging: besides applications that provide users with social and daily-life services based on location information, almost every other kind of existing application has added LBS elements. However, while these applications make our lives more convenient, the fact that they expose user location information to service providers has raised users' concerns about leaks of personal privacy. How to provide users with effective LBS services while safeguarding their privacy has therefore become an urgent problem.
Most existing LBS privacy protection schemes do not consider the semantics of the user's location and cannot resist semantic similarity attacks: if the region a user substitutes for their own location contains only locations of the same kind, an attacker can still obtain the type of the user's location and, further, infer private information such as the user's health status, occupation, and hobbies. The few privacy protection schemes that do consider location semantics also have certain limitations.
Summary of the invention
The purpose of this application is to propose an improved method and device for protecting user location information that solves the technical problems mentioned in the Background section above.
In a first aspect, this application provides a method for protecting user location information, the method comprising: acquiring a map and location information of a user terminal, wherein the map is divided into hierarchical regions and supports region indexing, a higher-level region covers multiple regions one level lower, and a lowest-level region contains one geographic information point; finding, in the map, the smallest region that satisfies the following conditions as the anonymous region: the location of the user terminal is within the region, the region contains at least a first number of users, the region contains at least a second number of different geographic information points, the area of the region does not exceed a preset area threshold, and the semantics of the region are secure, where the semantics of the region being secure means that the region hides the location information of the user terminal; sending a service request to a service provider that provides services according to location, using the anonymous region in place of the real location of the user terminal; and selecting, from the set of service query results returned by that service provider based on each geographic information point in the anonymous region, the service query result that matches the location information of the user terminal.
In some embodiments, the method further comprises preprocessing the map, including: covering each geographic information point in the map with a minimum bounding rectangle, calculating the Hilbert value of the center of each minimum bounding rectangle as the Hilbert value of that rectangle, and constructing a Hilbert R-tree for the map using the Hilbert values; obtaining, from a third-party data source, one or more tags describing the place characteristics of the region contained in each minimum bounding rectangle in the Hilbert R-tree, to represent the location category of the region; calculating, for the region contained in each minimum bounding rectangle in the Hilbert R-tree, the region sensitivity with respect to each location category; and storing the region sensitivity in the corresponding leaf node of the Hilbert R-tree; wherein calculating the region sensitivity comprises: placing all tags in the region that are related to the location category into a tag set; using conditional entropy to calculate the contribution of any tag or combination of tags in the tag set to determining the location category; calculating the probability that all locations in the region have any tag or combination of tags in the tag set; combining the contribution and the probability to obtain the uncertainty, with respect to the location category, of any tag or combination of tags in the tag set in the region; and taking the smallest uncertainty value as the region sensitivity of the region for the location category.
In some embodiments, the semantics of the region are secure when the region sensitivity is greater than a preset region sensitivity threshold.
In some embodiments, finding in the map a region that satisfies the following conditions as the anonymous region (the location of the user terminal is within the region, the region contains at least a first number of users, the region contains at least a second number of different geographic information points, the area of the region does not exceed a preset area threshold, and the semantics of the region are secure) comprises: finding, in the map, a region that satisfies the following conditions as a candidate anonymous region: the location of the user terminal is within the region, the region contains at least a second number of different geographic information points, the area of the region does not exceed the preset area threshold, and the semantics of the region are secure; searching near the location of the user terminal for the first number minus one users having the same anonymous region as the candidate anonymous region; if they are found, anonymization succeeds and the candidate anonymous region is the final anonymous region; if they are not found, selecting the region one level above the candidate region as the new candidate region and repeating the discovery operation for the first number minus one neighbor users, until anonymization succeeds or the area of the candidate anonymous region reaches the preset area threshold.
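The candidate-region search described above, as an added Python example that is not part of the patent text. The `Region` class, the sample hierarchy, the neighbor positions and all thresholds are constructed for illustration, and a neighbor is assumed to "have the same anonymous region" when its position lies inside the candidate region.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Region:
    """One node of the hierarchical map index (constructed sample data)."""
    name: str
    bbox: tuple            # (x_min, y_min, x_max, y_max) in kilometres
    pois: frozenset        # distinct geographic information points inside
    sensitivity: float     # precomputed region sensitivity (assumed given)
    parent: Optional["Region"] = None

    @property
    def area(self) -> float:
        x0, y0, x1, y1 = self.bbox
        return (x1 - x0) * (y1 - y0)

    def contains(self, point) -> bool:
        x0, y0, x1, y1 = self.bbox
        return x0 <= point[0] <= x1 and y0 <= point[1] <= y1


def candidate_region(start, l_min, max_area, sens_min):
    """Smallest region at or above `start` with at least l_min distinct
    points, area within max_area, and sensitivity above sens_min."""
    region = start
    while region is not None and region.area <= max_area:
        if len(region.pois) >= l_min and region.sensitivity > sens_min:
            return region
        region = region.parent
    return None


def anonymize(leaf, neighbours, k, l_min, max_area, sens_min):
    """Climb the hierarchy until k-1 neighbours share the candidate region.

    Assumption: a neighbour shares the candidate region when its position
    lies inside it. Returns (region, peers) or (None, []) on failure.
    """
    cand = candidate_region(leaf, l_min, max_area, sens_min)
    while cand is not None:
        peers = sorted(n for n, pos in neighbours.items() if cand.contains(pos))
        if len(peers) >= k - 1:
            return cand, peers
        # Not enough peers: retry from the region one level above.
        cand = candidate_region(cand.parent, l_min, max_area, sens_min)
    return None, []


# Constructed hierarchy. "street" has three points but all are clinics, so
# its sensitivity is low and it is rejected as semantically unsafe.
CITY = Region("city", (0, 0, 2, 2),
              frozenset({"clinic_a", "clinic_b", "clinic_c", "cafe", "bank",
                         "school", "park"}), 0.95)
DISTRICT = Region("district", (0, 0, 0.9, 0.9),
                  frozenset({"clinic_a", "clinic_b", "clinic_c", "cafe",
                             "bank", "school"}), 0.9, CITY)
BLOCK = Region("block", (0, 0, 0.5, 0.5),
               frozenset({"clinic_a", "clinic_b", "clinic_c", "cafe", "bank"}),
               0.8, DISTRICT)
STREET = Region("street", (0, 0, 0.2, 0.2),
                frozenset({"clinic_a", "clinic_b", "clinic_c"}), 0.2, BLOCK)
LEAF = Region("clinic_a", (0, 0, 0.1, 0.1), frozenset({"clinic_a"}), 0.1, STREET)

# Constructed neighbour positions (km).
NEIGHBOURS = {"a": (0.3, 0.3), "b": (0.4, 0.1), "c": (0.1, 0.45),
              "d": (0.7, 0.6), "e": (0.8, 0.2), "f": (1.5, 1.5)}

if __name__ == "__main__":
    for k in (4, 5, 8):
        region, peers = anonymize(LEAF, NEIGHBOURS, k, 3, 1.0, 0.5)
        print(k, region.name if region else "anonymization failed", peers)
```

With a 1 square kilometer area threshold, the request for eight users fails because the only region large enough to hold seven peers exceeds the threshold.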
In some embodiments, searching near the location of the user terminal for the first number minus one users having the same anonymous region as the candidate anonymous region comprises: discovering neighbor users with the same candidate anonymous region by single-hop or multi-hop communication to form a successfully anonymized anonymous group; broadcasting the anonymization-success message to all users in the anonymous group; the users in the anonymous group use the candidate anonymous region in place of their own real locations to initiate service requests to the service provider that provides services according to location, and after the service requests are processed successfully, the anonymous group is dissolved.
In some embodiments, discovering neighbor users with the same candidate anonymous region by single-hop or multi-hop communication to form a successfully anonymized anonymous group comprises: broadcasting a node discovery message, the node discovery message including: an anonymous group number, the candidate anonymous region, the number of anonymous group users, and the message broadcast hop count; receiving response messages from neighbor users, each response message including: the set of neighbor nodes having the same candidate anonymous region; placing the received neighbor node set into the set of discovered nodes, and checking whether the largest anonymous-group user count among all neighbor nodes in the neighbor node set is greater than the anonymous-group user count in the node discovery message, and if so, updating the anonymous-group user count in the node discovery message to the largest anonymous-group user count among the neighbor nodes; comparing whether the number of discovered nodes has reached the largest anonymous-group user count among the neighbor nodes minus one, and if so, anonymization succeeds; if not, comparing the neighbor node set with the set of discovered nodes: if the two sets are the same, anonymization fails and an anonymization-failure message is sent within the anonymous group; if they differ, incrementing the message broadcast hop count by 1, continuing to broadcast the node discovery message, and waiting for responses.
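A simulation of the node discovery rounds described above, as an added Python example that is not part of the patent text. The topology, region labels, per-node group sizes and group number are constructed; it assumes that only nodes with the same candidate region relay and answer, and it reads "the two sets are the same" as "this round returned no node that was not already discovered".

```python
def build_adjacency(edges):
    """Undirected radio-range graph from a list of (u, v) pairs."""
    adj = {}
    for u, v in edges:
        adj.setdefault(u, set()).add(v)
        adj.setdefault(v, set()).add(u)
    return adj


def responders_within(adj, region_of, initiator, hops):
    """Nodes sharing the initiator's candidate region that a discovery
    message with the given hop count reaches (assumption: only matching
    nodes relay the message)."""
    region = region_of[initiator]
    seen, frontier = {initiator}, {initiator}
    for _ in range(hops):
        frontier = {n for f in frontier for n in adj.get(f, ())
                    if n not in seen and region_of[n] == region}
        seen |= frontier
    return seen - {initiator}


def discover_group(adj, region_of, k_of, initiator, group_id="g-1"):
    """Run discovery rounds until the group is formed or no progress is made."""
    msg = {"group_id": group_id, "region": region_of[initiator],
           "k": k_of[initiator], "hops": 1}
    discovered = set()
    while True:
        neighbour_set = responders_within(adj, region_of, initiator, msg["hops"])
        nothing_new = neighbour_set <= discovered
        discovered |= neighbour_set
        # The group must satisfy its most demanding member, so the required
        # size is raised to the largest k reported by any responder.
        msg["k"] = max([msg["k"]] + [k_of[n] for n in neighbour_set])
        result = {"members": sorted(discovered), "k": msg["k"],
                  "hops": msg["hops"]}
        if len(discovered) >= msg["k"] - 1:
            return {"status": "success", **result}
        if nothing_new:
            # A larger hop count found nobody new: anonymization fails.
            return {"status": "failed", **result}
        msg["hops"] += 1


# Constructed topology: S reaches A-D directly and E, F through A and D.
# G is in radio range of S but has a different candidate region.
ADJ = build_adjacency([("S", "A"), ("S", "B"), ("S", "C"), ("S", "D"),
                       ("A", "E"), ("D", "F"), ("S", "G")])
REGION_OF = {"S": "R2", "A": "R2", "B": "R2", "C": "R2", "D": "R2",
             "E": "R2", "F": "R2", "G": "R7"}
K_OF = {"S": 5, "A": 5, "B": 5, "C": 5, "D": 7, "E": 5, "F": 5, "G": 5}

if __name__ == "__main__":
    print(discover_group(ADJ, REGION_OF, K_OF, "S"))
    print(discover_group(ADJ, REGION_OF, dict(K_OF, D=9), "S"))
```

The first run needs a second hop because D raises the required group size from 5 to 7; the second run fails at hop 3 because only six matching users are reachable.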
第二方面,本申请提供了一种用户位置信息保护装置,所述装置包括:获取单元,配置用于获取地图和用户终端的位置信息,其中,所述地图被划分成层次性的区域并且支持区域索引,一个高层的区域覆盖多个低一层的区域,一个最低层的区域包含一个地理信息点;匿名单元,配置用于在所述地图中找出满足以下条件的最小区域作为匿名区域:所述用户终端的位置位于区域中、区域中至少包括第一数目个用户、区域中至少包括第二数目个不同的地理信息点、区域的面积不超过预设的面积阈值、区域的语义是安全的,其中,所述区域的语义是安全的指的是攻击者无法从所述用户终端的位置信息推测出用户的个人信息;请求单元,配置用于用所述匿名区域代替用户终端的真实位置向用于根据位置来提供服务的服务提供商发送服务请求;选取单元,配置用于从所述用于根据位置来提供服务的服务提供商返回的基于所述匿名区域中的各个地理信息点的服务查询结果集合中选出符合用户终端的位置信息的服务查询结果。In a second aspect, the present application provides a user location information protection apparatus, where the apparatus includes: an acquisition unit configured to acquire a map and location information of a user terminal, wherein the map is divided into hierarchical regions and supported A regional index, a high-level area covering a plurality of lower-level areas, a lowest-level area containing a geographic information point, and an anonymous unit configured to find a minimum area in the map that satisfies the following conditions as an anonymous area: The location of the user terminal is located in the area, and the area includes at least a first number of users, and the area includes at least a second number of different geographic information points, and the area of the area does not exceed a preset area threshold, and the semantics of the area are secure. The semantics of the area is safe, meaning that the attacker cannot infer the personal information of the user from the location information of the user terminal; the requesting unit is configured to replace the real location of the user terminal with the anonymous area. Send a service request to a service provider that provides services based on location; select a unit, configure Selected service location information query results in line with the user terminal returned from the service provider for providing services based on the service location query results based on the set point information of the respective geographic region of anonymity.
在一些实施例中,所述装置还包括地图预处理单元,所述地图预处理单元配置用于:将所述地图中的每个地理信息点用一个最小边界矩形覆盖,计算每个最小边界矩形中心的希尔伯特值作为该最小边界矩形的希尔伯特值,利用所述希尔伯特值对所述地图构造Hilbert R-树;从第三方数据源获得描述所述Hilbert R-树中每个最小边界矩形所包含的区域的地点特征的一个或多个标签来表示所述区域的位置类别;计算所述Hilbert R-树中每个最小边界矩形所包含的区域对于每个位置类别的区域敏感度;将所述区域敏感度存放在所述Hilbert R-树的相应的叶子节点中;其中,所述区域敏感度的计算包括:将所述区域中与所述位置类别相关的所有标签放入一个标签集合中;用条件熵计算所述标签集合中的任一标签或者多个标签组合对确定所述位置类别的贡献度;计算所述区域中所有位置都拥有所述标签集合中的任一标签或者多个标签组合的概率;将所述贡献度和所述概率结合起来得到所述区域中所述标签集合中的任一标签或者多个标签组合对所述位置类 别的不确定度;将最小的不确定度值作为所述区域对所述位置类别的区域敏感度。In some embodiments, the apparatus further includes a map pre-processing unit configured to: overlay each geographic information point in the map with a minimum bounding rectangle, and calculate each minimum bounding rectangle a Hilbert value of the center as a Hilbert value of the minimum bounding rectangle, constructing a Hilbert R-tree for the map using the Hilbert value; obtaining a description of the Hilbert R-tree from a third-party data source One or more labels of the location features of the regions included in each of the minimum bounding rectangles to represent the location categories of the regions; calculating the regions included in each of the minimum bounding rectangles in the Hilbert R-tree for each location category Regional sensitivity; storing the regional sensitivity in a corresponding leaf node of the Hilbert R-tree; wherein the calculation of the regional sensitivity comprises: all of the regions associated with the location category The tag is placed in a tag set; conditional entropy is used to calculate the contribution of any tag or combination of tags in the tag set to determine the location category; All locations in the region have a probability of any one of the tag sets or a plurality of tag combinations; combining the contribution degree with the probability to obtain any tag in the tag set in the region or more Label combination for the location class Other uncertainty; the smallest uncertainty value is used as the regional sensitivity of the region to the 
location category.
在一些实施例中,当所述区域敏感度大于预设的区域敏感度阈值时所述区域的语义是安全的。In some embodiments, the semantics of the region is safe when the region sensitivity is greater than a predetermined region sensitivity threshold.
在一些实施例中,所述匿名单元还配置用于:在所述地图中找出满足以下条件的区域作为候选匿名区域:所述用户终端的位置位于区域中、区域中至少包括第二数目个不同的地理信息点、区域的面积不超过预设的面积阈值、区域的语义是安全的;在所述用户终端的位置附近寻找第一数目减1个具有与所述候选匿名区域相同的匿名区域的用户,若找到,则匿名成功,所述候选匿名区域为最终匿名区域;若没有找到,则选取所述候选区域的上一层区域作为新的候选区域,重复第一数目减1个邻居用户的发现操作,直到匿名成功或候选匿名区域面积达到预设的面积阈值为止。In some embodiments, the anonymous unit is further configured to: find, in the map, an area that satisfies the following condition as a candidate anonymous area: the location of the user terminal is located in the area, and the area includes at least a second number of Different geographic information points, areas of the area do not exceed a preset area threshold, the semantics of the area are safe; finding a first number minus one of the same anonymous area as the candidate anonymous area near the location of the user terminal If the user is found, the anonymous success is successful, and the candidate anonymous area is the final anonymous area; if not found, the upper layer area of the candidate area is selected as the new candidate area, and the first number is decreased by one neighbor user. The discovery operation until the anonymous success or the candidate anonymous area reaches the preset area threshold.
在一些实施例中,所述匿名单元还配置用于:以单跳或多跳通信的方式发现具有相同候选匿名区域的邻居用户,形成匿名成功的匿名组;将匿名成功的消息广播给所述匿名组内的所有用户;所述匿名组内用户用所述候选匿名区域代替自身真实位置向用于根据位置来提供服务的服务提供商发起服务请求,所述服务请求处理成功后,所述匿名组解散。In some embodiments, the anonymous unit is further configured to: discover neighboring users having the same candidate anonymous area in a single hop or multi-hop communication manner, form an anonymous successful anonymous group; broadcast an anonymous successful message to the All users in the anonymous group; the anonymous group user uses the candidate anonymous area to replace the real location to initiate a service request to the service provider for providing the service according to the location, and after the service request is successfully processed, the anonymous The group is dissolved.
在一些实施例中,所述匿名单元还配置用于:广播节点发现消息,所述节点发现消息包括:匿名组编号、候选匿名区域、匿名组用户数、消息广播跳数;接收邻居用户的响应消息,所述响应消息包括:具有相同候选匿名区域的邻居节点集合;将收到的所述邻居节点集合放入已发现节点的集合,查看所述邻居节点集合的所有邻居节点中最大的匿名组用户数值是否大于节点发现消息中的匿名组用户数,若大于,则将所述节点发现消息中的匿名组用户数更新为所述邻居节点中最大的匿名组用户数;比较已发现节点的个数是否达到所述邻居节点中最大的匿名组用户数减1个,若达到,则匿名成功;若未达到,将所述邻居节点集合和所述已发现节点的集合进行比较,若两个集合相同,则匿名失败,将在所述匿名组内发送匿名失败的消息;若不同,则将 消息广播跳数加1,继续广播所述节点发现消息,等待响应。In some embodiments, the anonymous unit is further configured to: broadcast a node discovery message, where the node discovery message includes: an anonymous group number, a candidate anonymous area, an anonymous group user number, a message broadcast hop count, and a response received by the neighbor user. a message, the response message includes: a set of neighbor nodes having the same candidate anonymous region; placing the received set of neighbor nodes into a set of discovered nodes, and viewing the largest anonymous group among all neighbor nodes of the set of neighbor nodes Whether the user value is greater than the number of anonymous group users in the node discovery message, and if yes, updating the number of anonymous group users in the node discovery message to the largest number of anonymous group users in the neighbor node; comparing the number of discovered nodes Whether the number reaches the maximum number of anonymous group users in the neighbor node minus one, if it is reached, the anonymous success; if not, compares the set of neighbor nodes with the set of discovered nodes, if two sets If the same, the anonymous failure will send an anonymous failed message within the anonymous group; if different, it will The message broadcast hop count is incremented by one, and the node discovery message continues to be broadcast, waiting for a response.
The user location information protection method and apparatus provided by the present application form an anonymous area through cooperation among the users within a region, use the anonymous area in place of the user's real location to initiate a location-based service request, and select, from the set of service query results for the anonymous area returned by the service provider, the service query result that matches the user's real information. This effectively protects the user's real location information and prevents leakage of the user's sensitive information and behavior.
Brief Description of the Drawings
Other features, objects and advantages of the present application will become more apparent upon reading the detailed description of non-limiting embodiments made with reference to the following drawings:
FIG. 1 is an exemplary system architecture diagram to which the present application can be applied;
FIG. 2 is a flowchart of one embodiment of the user location information protection method according to the present application;
FIG. 3 is a schematic diagram of an application scenario of the user location information protection method according to the present application;
FIG. 4 is a flowchart of yet another embodiment of the user location information protection method according to the present application;
FIG. 5 is a schematic structural diagram of one embodiment of the user location information protection apparatus according to the present application;
FIG. 6 is a schematic structural diagram of a computer system suitable for implementing a terminal device or server of an embodiment of the present application.
Detailed Description
The present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein serve only to explain the relevant invention and do not limit it. It should also be noted that, for ease of description, only the parts related to the relevant invention are shown in the drawings.
It should be noted that, where no conflict arises, the embodiments in the present application and the features in the embodiments may be combined with one another. The present application is described in detail below with reference to the accompanying drawings and in conjunction with the embodiments.
FIG. 1 shows an exemplary system architecture 100 to which embodiments of the user location information protection method or user location information protection apparatus of the present application may be applied.
As shown in FIG. 1, the system architecture 100 may include terminal devices 101, 102, 103, a network 104, and a server 105. The network 104 is the medium that provides communication links between the terminal devices 101, 102, 103 and the server 105. The network 104 may include various connection types, such as wired or wireless communication links or fiber-optic cables.
A user may use the terminal devices 101, 102, 103 to interact with the server 105 over the network 104, to receive or send messages and the like. Various client applications based on location services may be installed on the terminal devices 101, 102, 103, such as web browser applications, shopping applications, search applications, instant messaging tools, email clients, and social platform software.
The terminal devices 101, 102, 103 may be any of various electronic devices that have a display screen and support location-based services, including but not limited to smartphones, tablet computers, e-book readers, MP3 (Moving Picture Experts Group Audio Layer III) players, MP4 (Moving Picture Experts Group Audio Layer IV) players, laptop computers, and desktop computers.
The server 105 may be a server that provides various services, for example a background server that supports the location-based services of the terminal devices 101, 102, 103. The background server may analyze and otherwise process received data such as location-based service requests, and feed the processing result (for example, restaurant query result data) back to the terminal device.
It should be noted that the user location information protection method provided by the embodiments of the present application is generally executed by the terminal devices 101, 102, 103; accordingly, the user location information protection apparatus is generally disposed in the terminal devices 101, 102, 103.
It should be understood that the numbers of terminal devices, networks and servers in FIG. 1 are merely illustrative. There may be any number of terminal devices, networks and servers, as the implementation requires.
With continued reference to FIG. 2, a flow 200 of one embodiment of the user location information protection method according to the present application is shown. The user location information protection method includes the following steps:
Step 201: obtain a map and the location information of the user terminal.
In this embodiment, the electronic device on which the user location information protection method runs (for example, the terminal devices 101, 102, 103 shown in FIG. 1) may obtain a preprocessed map from a background server (for example, the server 105 shown in FIG. 1) over a wired or wireless connection, and obtain the location information of the user terminal through a positioning device. The map is divided into hierarchical regions and supports region indexing: a higher-level region covers multiple regions one level lower, and a lowest-level region contains one geographic information point.
In some optional implementations of this embodiment, the user location information protection method further includes preprocessing the map, including: covering each geographic information point in the map with a minimum bounding rectangle, computing the Hilbert value of the center of each minimum bounding rectangle as the Hilbert value of that minimum bounding rectangle, and constructing a Hilbert R-tree for the map using the Hilbert values; obtaining from a third-party data source one or more tags that describe the place characteristics of the region contained in each minimum bounding rectangle in the Hilbert R-tree, to represent the location category of the region; computing, for the region contained in each minimum bounding rectangle in the Hilbert R-tree, the region sensitivity with respect to each location category; and storing the region sensitivity in the corresponding leaf node of the Hilbert R-tree. The computation of the region sensitivity includes: putting all tags in the region that are related to the location category into a tag set; using conditional entropy to compute the contribution of any single tag or combination of tags in the tag set to determining the location category; computing the probability that all locations in the region have that tag or combination of tags from the tag set; combining the contribution and the probability to obtain the uncertainty, with respect to the location category, of that tag or combination of tags from the tag set in the region; and taking the smallest uncertainty value as the region sensitivity of the region with respect to the location category.
In some optional implementations of this embodiment, constructing the Hilbert R-tree for the map includes: covering each geographic information point in the map with an MBR (Minimal Bounding Rectangle), computing the Hilbert value of the center of each MBR and taking it as the Hilbert value of that MBR; sorting all MBRs in ascending order of their Hilbert values and dividing them into [|S_L|/M]+1 groups, where every group except the last contains M MBRs, and then inserting all MBRs of each group into the same leaf node, where |S_L| is the number of geographic information points in the geographic information point set S_L and M is a natural number; for each group of MBRs, covering them with a larger MBR and storing that MBR in the parent node of the leaf node corresponding to the group, so that the resulting [|S_L|/M]+1 parent nodes are the second-level nodes; and sorting the second-level nodes in ascending order of creation time, dividing them into several groups, and creating for all nodes in each group a node one level higher as their parent node, repeating this operation until a root node is produced.
In some optional implementations of this embodiment, the semantics of the region are safe when the region sensitivity is greater than a preset region sensitivity threshold.
Step 202: find in the map the smallest region that satisfies the anonymity conditions and use it as the anonymous area.
In this embodiment, the anonymity conditions for a region are: the location of the user terminal lies within the region; the region contains at least a first number of users; the region contains at least a second number of different geographic information points; the size of the region does not exceed a preset area threshold; and the semantics of the region are safe, where the semantics of the region being safe means that the region hides the location information of the user terminal. For example, the anonymous area of a user terminal must satisfy the following: the region includes the geographic information point of the user terminal's location; the region contains at least 6 users; the region contains at least 10 different geographic information points; the size of the region does not exceed the preset area threshold of 1 square kilometer; and the semantics of the region are safe, that is, the location information of the user terminal is hidden.
Location semantics are defined and described as follows:
The semantics of a location capture the behavior patterns of the users active at it and are related to a specific location category. For example, if a place is usually visited at mealtimes, we can infer that it is a restaurant; if a place is usually visited in the middle of the night, we can infer that it is an entertainment venue. Location semantics are therefore a functional description of a location. These descriptions are related to information such as time characteristics, user behavior, and the surrounding environment.
The semantics of a location are described by the series of tags that different users have attached to that same location to describe its function and characteristics. We consider a tag to be related to a location category if and only if, among all locations belonging to that category, at least one location has the tag.
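The packing procedure and the anonymity conditions of step 202, as an added Python example that is not code from the application: it bulk-loads a Hilbert-ordered region hierarchy and climbs from the user's lowest-level region to the smallest ancestor that meets every condition. The 4x4 grid, place names, user counts and the `stand_in_is_safe` predicate are constructed assumptions; the application's conditional-entropy sensitivity calculation is not reproduced.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple


def hilbert_index(x: int, y: int, n: int) -> int:
    """Hilbert-curve index of cell (x, y) on an n x n grid (n a power of two)."""
    d, s = 0, n // 2
    while s > 0:
        rx, ry = int((x & s) > 0), int((y & s) > 0)
        d += s * s * ((3 * rx) ^ ry)
        if ry == 0:                       # rotate/flip the quadrant
            if rx == 1:
                x, y = n - 1 - x, n - 1 - y
            x, y = y, x
        s //= 2
    return d


@dataclass
class Region:
    mbr: Tuple[int, int, int, int]        # (xmin, ymin, xmax, ymax), inclusive grid cells
    pois: List[str]                       # geographic information points covered
    users: int                            # users currently inside the region
    children: List["Region"] = field(default_factory=list)
    parent: Optional["Region"] = None

    @property
    def area(self) -> int:
        x0, y0, x1, y1 = self.mbr
        return (x1 - x0 + 1) * (y1 - y0 + 1)


def _cover(group: List[Region]) -> Region:
    """Create the parent whose MBR encloses every region in the group."""
    x0, y0, x1, y1 = zip(*(r.mbr for r in group))
    parent = Region((min(x0), min(y0), max(x1), max(y1)),
                    [p for r in group for p in r.pois],
                    sum(r.users for r in group), list(group))
    for r in group:
        r.parent = parent
    return parent


def build_hilbert_rtree(points: Dict[str, Tuple[int, int, int]], m: int, n: int):
    """points maps name -> (x, y, users). Returns (root, {name: lowest-level region})."""
    if m < 2:
        raise ValueError("m must be at least 2")
    lowest = {name: Region((x, y, x, y), [name], u) for name, (x, y, u) in points.items()}
    level = sorted(lowest.values(), key=lambda r: hilbert_index(r.mbr[0], r.mbr[1], n))
    while len(level) > 1:                 # pack m consecutive regions under one parent
        level = [_cover(level[i:i + m]) for i in range(0, len(level), m)]
    return level[0], lowest


def smallest_anonymous_region(start: Region, k: int, l: int, max_area: int,
                              is_safe: Callable[[Region], bool]) -> Optional[Region]:
    """Climb from the user's lowest-level region to the first ancestor meeting all conditions."""
    node = start
    while node is not None and node.area <= max_area:
        if node.users >= k and len(set(node.pois)) >= l and is_safe(node):
            return node
        node = node.parent
    return None                           # area threshold reached before the conditions held


# Constructed 4x4 map: name -> (x, y, users present). Not data from the page.
SAMPLE_MAP = {
    "mall_a": (0, 0, 1), "mall_b": (1, 0, 2), "cafe": (1, 1, 1), "clinic": (0, 1, 1),
    "park": (0, 2, 2), "cinema": (1, 3, 3), "bank": (2, 2, 1), "gym": (3, 3, 2),
}
SENSITIVE = {"clinic"}                    # assumed sensitive location category


def stand_in_is_safe(region: Region) -> bool:
    """Hypothetical stand-in for the sensitivity test: unsafe if half or more POIs are sensitive."""
    hits = sum(1 for p in region.pois if p in SENSITIVE)
    return hits * 2 < len(region.pois)


if __name__ == "__main__":
    root, lowest = build_hilbert_rtree(SAMPLE_MAP, m=2, n=4)
    chosen = smallest_anonymous_region(lowest["clinic"], k=2, l=2, max_area=6,
                                       is_safe=stand_in_is_safe)
    print(chosen.mbr, sorted(chosen.pois), chosen.users)
```

With the stand-in predicate, the two-point region holding the clinic and the cafe is rejected even though it has enough users and points, so the search moves one level up.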
Step 203: use the anonymous area in place of the real location of the user terminal to send a service request to a service provider that provides services according to location.
In this embodiment, when the user sends a location-based service request, the user's own real location is not used; it is replaced with an anonymous area that contains the real location, which hides the user's real location and protects the user's privacy. For example, when a user inside Xidan Joy City asks a review website for the most popular restaurants nearby, the terminal finds an anonymous area according to step 202, and this anonymous area also includes several other nearby shopping malls; the terminal then submits the anonymous area as the user's real location and asks the review website for the most popular restaurants in the anonymous area.
Step 204: from the set of service query results returned by the service provider for the individual geographic information points in the anonymous area, select the service query result that matches the location information of the user terminal.
In this embodiment, because the anonymous area includes multiple geographic information points, the service provider returns multiple service query results, from which the result that matches the location information of the user terminal is selected. For example, in step 203 the user submits the anonymous area as the user's real location and asks a review website for the most popular restaurants in the anonymous area; the returned query results cover not only Joy City but also locations such as Juntai Department Store and Xidan Shopping Center, and the terminal selects from them the restaurants near the real location, Joy City, as the final query result.
With continued reference to FIG. 3, FIG. 3 is a schematic diagram of an application scenario of the user location information protection method according to this embodiment. In the application scenario of FIG. 3, the terminal 301 first checks whether it has obtained the latest version of the map from the LBS server, and if not, downloads it immediately. On this basis, the terminal 301 finds in the map a region 308 that satisfies the anonymity conditions and uses it as the anonymous area, then sends the region 308 together with a request to find nearby restaurants to the LBS server 307. The LBS server 307 sends the query result set to the terminal 301; in addition to the results of the query based on the location of the terminal 301, this result set also contains the results of queries based on the locations of the terminals 302, 303, 304, 305, 306. The terminal selects from this result set the results of the query based on the location of the terminal 301.
The method provided by the above embodiment of the present application sends the LBS request to the LBS service provider with an anonymous area in place of the user's real location, which effectively protects the user's real location information and prevents leakage of the user's sensitive information and behavior.
With further reference to FIG. 4, a flow 400 of yet another embodiment of the user location information protection method is shown. The flow 400 of the user location information protection method includes the following steps:
Step 401: obtain a map and the location information of the user terminal.
In this embodiment, the electronic device on which the user location information protection method runs (for example, the terminal devices 101, 102, 103 shown in FIG. 1) may obtain a preprocessed map from a background server (for example, the server 105 shown in FIG. 1) over a wired or wireless connection, and obtain the location information of the user terminal through a positioning device. The map is divided into hierarchical regions and supports region indexing: a higher-level region covers multiple regions one level lower, and a lowest-level region contains one geographic information point.
Step 402: find in the map the smallest region that satisfies the anonymity conditions and use it as the anonymous area.
In this embodiment, the anonymity conditions for a region are: the location of the user terminal lies within the region; the region contains at least a second number of different geographic information points; the size of the region does not exceed a preset area threshold; and the semantics of the region are safe. For example, the anonymous area of a user terminal must satisfy the following: the region includes the geographic information point of the user terminal's location; the region contains at least 10 different geographic information points; the size of the region does not exceed the preset area threshold of 1 square kilometer; and the semantics of the region are safe, that is, the location information of the user terminal is hidden.
Step 403: determine whether the first number minus 1 users whose anonymous area is the same as the candidate anonymous area have been found.
In this embodiment, the anonymous area needs to contain the first number of users, so the first number minus 1 further users whose anonymous area is the same as the candidate anonymous area have to be found. For example, after step 402 is performed, 5 users whose anonymous area is the same as the candidate anonymous area are sought within the candidate anonymous area.
In some optional implementations of this embodiment, neighbor users that have the same candidate anonymous area are discovered through single-hop or multi-hop communication, forming a successfully anonymized anonymous group; an anonymization-success message is broadcast to all users in the anonymous group; the users in the anonymous group use the candidate anonymous area in place of their own real locations to initiate service requests to a service provider that provides services according to location, and after the service requests have been processed successfully the anonymous group is dissolved.
In some optional implementations of this embodiment, discovering neighbor users that have the same candidate anonymous area through single-hop or multi-hop communication and forming a successfully anonymized anonymous group includes: broadcasting a node discovery message, the node discovery message including an anonymous group number, the candidate anonymous area, the anonymous group user count, and the message broadcast hop count; receiving response messages from neighbor users, each response message including a set of neighbor nodes that have the same candidate anonymous area; putting the received set of neighbor nodes into the set of discovered nodes, and checking whether the largest anonymous group user count among all neighbor nodes in the set of neighbor nodes is greater than the anonymous group user count in the node discovery message, and if so, updating the anonymous group user count in the node discovery message to the largest anonymous group user count among the neighbor nodes; comparing whether the number of discovered nodes has reached the largest anonymous group user count among the neighbor nodes minus 1, and if so, anonymization succeeds; if not, comparing the set of neighbor nodes with the set of discovered nodes, and if the two sets are the same, anonymization fails and an anonymization-failure message is sent within the anonymous group; if they differ, incrementing the message broadcast hop count by 1, continuing to broadcast the node discovery message, and waiting for responses. For example, user S needs to find 4 users whose anonymous area is the same as its own. After user S broadcasts a node discovery message with a message broadcast hop count of 1, the response messages received from neighbor users show that user A needs 6 users with the same anonymous area, user B needs 4, user C needs 5, and user D needs 5. Although the number of neighbor users, 4, meets user S's requirement, it does not meet the anonymous group user count of 6 required by user A, so the message broadcast hop count is incremented by 1 and the node discovery message is broadcast again. On receiving the node discovery message, users A, B, C and D determine that the message broadcast hop count is now 2, decrement it by 1, and then broadcast a node discovery message with a hop count of 1 onward to other users. Users E and F, on receiving that node discovery message, determine that they satisfy the anonymity conditions and that the hop count is 1, so they do not broadcast further to other users but respond to the node discovery message they received. Users A, B, C and D send the responding users E and F, together with themselves, to user S.
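The discovery loop described above, simulated in Python as an added example that is not code from the application. The topology and group sizes are constructed after the walkthrough with user S and users A to F; forwarding only through nodes with the same candidate area, comparing against the previous round's result, and the `max_hops` bound are assumptions.

```python
from collections import deque
from typing import Dict, List, Set, Tuple


def reachable_members(graph: Dict[str, List[str]], region_of: Dict[str, str],
                      start: str, hops: int) -> Set[str]:
    """Nodes sharing start's candidate area that a discovery message with this hop budget reaches."""
    region, seen, queue = region_of[start], {start}, deque([(start, 0)])
    while queue:
        node, dist = queue.popleft()
        if dist == hops:                  # hop budget spent: respond, do not forward
            continue
        for nb in graph[node]:
            # Assumption: only nodes with the same candidate area respond and forward.
            if nb not in seen and region_of[nb] == region:
                seen.add(nb)
                queue.append((nb, dist + 1))
    return seen - {start}


def form_anonymous_group(graph: Dict[str, List[str]], region_of: Dict[str, str],
                         k_of: Dict[str, int], start: str,
                         max_hops: int = 8) -> Tuple[bool, Set[str], int, int]:
    """Return (success, members found, group user count k, hops used) for initiator `start`."""
    k, discovered, hops = k_of[start], set(), 1
    while hops <= max_hops:
        neighbours = reachable_members(graph, region_of, start, hops)
        # Raise k to the largest anonymous group user count among the responders.
        k = max([k] + [k_of[n] for n in neighbours])
        if len(neighbours) >= k - 1:      # initiator plus k-1 others: anonymization succeeds
            return True, neighbours, k, hops
        if neighbours == discovered:      # a wider broadcast found nobody new: failure
            return False, neighbours, k, hops
        discovered, hops = neighbours, hops + 1
    return False, discovered, k, max_hops


# Constructed topology: S has four one-hop neighbours, E and F are two hops away,
# and G sits next to D but has a different candidate area ("R2").
GRAPH = {"S": ["A", "B", "C", "D"], "A": ["S", "E"], "B": ["S"], "C": ["S", "F"],
         "D": ["S", "G"], "E": ["A"], "F": ["C"], "G": ["D"]}
REGION_OF = {n: "R1" for n in GRAPH}
REGION_OF["G"] = "R2"
# Constructed anonymous group user counts (k) per user.
K_OF = {"S": 5, "A": 6, "B": 4, "C": 5, "D": 5, "E": 4, "F": 4, "G": 3}

if __name__ == "__main__":
    ok, members, k, hops = form_anonymous_group(GRAPH, REGION_OF, K_OF, "S")
    print(ok, sorted(members), k, hops)
```

One hop finds four members, which is enough for S's own k of 5 but not for A's k of 6, so the second round is what completes the group.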
Step 404: the candidate anonymous area is the final anonymous area.
In this embodiment, if the first number minus 1 users whose anonymous area is the same as the candidate anonymous area were found in step 403, the candidate anonymous area is taken as the final anonymous area and execution continues with steps 406 and 407.
Step 405: select the region one level above the candidate region as the new candidate region.
In this embodiment, if the first number minus 1 users whose anonymous area is the same as the candidate anonymous area were not found in step 403, the region one level above the candidate region is selected as the new candidate region and the discovery of the first number minus 1 neighbor users is repeated, until anonymization succeeds or the size of the candidate anonymous area reaches the preset area threshold. For example, if only 4 users whose anonymous area is the same as the candidate anonymous area were found in step 403, the search range is widened to the region one level above the candidate region and the search is performed again, until 5 users whose anonymous area is the same as the candidate anonymous area are found or the size of the anonymous area reaches the preset area of 1 square kilometer.
Step 406: use the anonymous area in place of the real location of the user terminal to send a service request to a service provider that provides services according to location.
This is similar to step 203 and is therefore not described again.
Step 407: from the set of service query results returned by the service provider for the individual geographic information points in the anonymous area, select the service query result that matches the location information of the user terminal.
This is similar to step 204 and is therefore not described again.
As can be seen from FIG. 4, compared with the embodiment corresponding to FIG. 2, the flow 400 of the user location information protection method in this embodiment highlights the step of finding users whose anonymous area is the same as the candidate anonymous area. The scheme described in this embodiment can therefore find an anonymous area in which multiple users all satisfy the anonymity conditions, achieving more comprehensive protection of user location information.
With further reference to FIG. 5, as an implementation of the methods shown in the above figures, the present application provides one embodiment of a user location information protection apparatus. This apparatus embodiment corresponds to the method embodiment shown in FIG. 2, and the apparatus can be applied in various electronic devices.
As shown in FIG. 5, the user location information protection apparatus 500 of this embodiment includes an acquisition unit 501, an anonymization unit 502, a request unit 503, and a selection unit 504. The acquisition unit 501 is configured to obtain a map and the location information of the user terminal, where the map is divided into hierarchical regions and supports region indexing, a higher-level region covers multiple regions one level lower, and a lowest-level region contains one geographic information point. The anonymization unit 502 is configured to find in the map the smallest region that satisfies the following conditions and use it as the anonymous area: the location of the user terminal lies within the region; the region contains at least a first number of users; the region contains at least a second number of different geographic information points; the size of the region does not exceed a preset area threshold; and the semantics of the region are safe, where the semantics of the region being safe means that an attacker cannot infer the user's personal information from the location information of the user terminal. The request unit 503 is configured to use the anonymous area in place of the real location of the user terminal to send a service request to a service provider that provides services according to location. The selection unit 504 is configured to select, from the set of service query results returned by the service provider for the individual geographic information points in the anonymous area, the service query result that matches the location information of the user terminal.
In this embodiment, the acquisition unit 501 of the user location information protection apparatus 500 may obtain the preprocessed map from a background server (for example, the server 105 shown in FIG. 1) over a wired or wireless connection.
In this embodiment, the request unit 503 of the user location information protection apparatus 500 may send a location-based service request to a background server (for example, the server 105 shown in FIG. 1) over a wired or wireless connection; in this request, the anonymous area generated by the anonymization unit 502 is used in place of the user's real location.
In this embodiment, the selection unit 504 of the user location information protection apparatus 500 may receive the query result set of the location-based service from the background server and find in it the query result that matches the user's real location.
In some optional implementations of this embodiment, the user location information protection apparatus further includes a map preprocessing unit configured to: cover each geographic information point in the map with a minimum bounding rectangle, calculate the Hilbert value of the center of each minimum bounding rectangle as the Hilbert value of that minimum bounding rectangle, and use the Hilbert values to construct a Hilbert R-tree over the map; obtain, from a third-party data source, one or more tags describing the place features of the region contained in each minimum bounding rectangle of the Hilbert R-tree, to represent the location category of the region; calculate, for the region contained in each minimum bounding rectangle of the Hilbert R-tree, the region sensitivity with respect to each location category; and store the region sensitivity in the corresponding leaf node of the Hilbert R-tree. The calculation of the region sensitivity includes: placing all tags in the region that are related to the location category into a tag set; using conditional entropy to calculate the contribution of any single tag or combination of tags in the tag set to determining the location category; calculating the probability that all locations in the region have any single tag or combination of tags in the tag set; combining the contribution and the probability to obtain the uncertainty, with respect to the location category, of any single tag or combination of tags in the tag set in the region; and taking the smallest uncertainty value as the region sensitivity of the region with respect to the location category.
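The preprocessing step above orders minimum bounding rectangles by the Hilbert value of their centers. The following added example (not code from the patent) shows that ordering and a bottom-up packing into a hierarchy of regions; the 8x8 grid, the fan-out of 2 and the POI names and coordinates are constructed assumptions, and the region sensitivity is not computed here.

```python
# Added illustration: Hilbert ordering of MBR centers, then bottom-up packing.
# Grid size, fan-out and the sample POIs are constructed, not from the patent.

def hilbert_d(n, x, y):
    """Map cell (x, y) of an n x n grid (n a power of two) to its Hilbert index."""
    d = 0
    s = n // 2
    while s > 0:
        rx = 1 if x & s else 0
        ry = 1 if y & s else 0
        d += s * s * ((3 * rx) ^ ry)
        if ry == 0:                       # rotate/flip so the sub-curve lines up
            if rx == 1:
                x, y = n - 1 - x, n - 1 - y
            x, y = y, x
        s //= 2
    return d


def union(mbrs):
    """Smallest rectangle (x0, y0, x1, y1) covering all given rectangles."""
    return (min(m[0] for m in mbrs), min(m[1] for m in mbrs),
            max(m[2] for m in mbrs), max(m[3] for m in mbrs))


def build_tree(pois, grid=8, fanout=2):
    """Return the tree as a list of levels: levels[0] are leaves, levels[-1] the root.

    Each leaf holds exactly one geographic information point, as the page
    requires; each higher node covers up to `fanout` nodes of the level below
    and records the largest Hilbert value (lhv) found beneath it.
    """
    level = []
    for name, mbr in pois.items():
        cx, cy = (mbr[0] + mbr[2]) // 2, (mbr[1] + mbr[3]) // 2
        level.append({"mbr": mbr, "lhv": hilbert_d(grid, cx, cy),
                      "pois": [name], "children": []})
    level.sort(key=lambda node: node["lhv"])   # neighbours on the curve stay adjacent
    levels = [level]
    while len(level) > 1:
        parents = []
        for i in range(0, len(level), fanout):
            group = level[i:i + fanout]
            parents.append({"mbr": union([g["mbr"] for g in group]),
                            "lhv": max(g["lhv"] for g in group),
                            "pois": [p for g in group for p in g["pois"]],
                            "children": group})
        level = parents
        levels.append(level)
    return levels


# Constructed sample: POI name -> minimum bounding rectangle on an 8x8 grid.
SAMPLE_POIS = {
    "gym":      (5, 0, 7, 2),
    "bank":     (6, 5, 7, 7),
    "clinic":   (0, 0, 2, 2),
    "cafe":     (5, 6, 5, 6),
    "school":   (2, 4, 3, 6),
    "pharmacy": (1, 2, 1, 3),
}

if __name__ == "__main__":
    for depth, nodes in enumerate(build_tree(SAMPLE_POIS)):
        print(depth, [(n["pois"], n["mbr"], n["lhv"]) for n in nodes])
```

Because siblings are adjacent on the curve, moving one level up from a leaf enlarges the region to nearby POIs first, which is what keeps the cloaked area small.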
In some optional implementations of this embodiment, the semantics of the region are secure when the region sensitivity is greater than a preset region sensitivity threshold.
In some optional implementations of this embodiment, the anonymous unit 502 in the user location information protection apparatus is further configured to: find, in the map, a region that satisfies the following conditions as a candidate anonymous region: the location of the user terminal lies within the region, the region includes at least a second number of distinct geographic information points, the area of the region does not exceed a preset area threshold, and the semantics of the region are secure; search near the location of the user terminal for the first number minus one users that have the same anonymous region as the candidate anonymous region; if they are found, anonymization succeeds and the candidate anonymous region is the final anonymous region; if they are not found, select the region one level above the candidate region as the new candidate region and repeat the discovery of the first number minus one neighbor users, until anonymization succeeds or the area of the candidate anonymous region reaches the preset area threshold.
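The candidate-region search and escalation described above, together with the client-side selection performed by the selecting unit 504, as an added example that is not code from the patent. Assumptions: each region carries a single precomputed sensitivity value, a peer counts as sharing the candidate region when its position lies inside it, "matching the real location" is taken as nearest result, and all names, coordinates and thresholds are constructed.

```python
# Added illustration of the cloaking loop: walk up the region hierarchy from the
# user's leaf until a region satisfies the l-POI, area and sensitivity
# conditions and k-1 peers share it. Data below is constructed.
from dataclasses import dataclass
from typing import Optional


@dataclass
class Region:
    name: str
    bbox: tuple                    # (x0, y0, x1, y1)
    pois: frozenset                # distinct geographic information points
    sensitivity: float             # assumed precomputed; higher = safer (per the page)
    parent: Optional["Region"] = None

    def contains(self, p):
        x0, y0, x1, y1 = self.bbox
        return x0 <= p[0] <= x1 and y0 <= p[1] <= y1

    def area(self):
        x0, y0, x1, y1 = self.bbox
        return (x1 - x0) * (y1 - y0)


def cloak(leaf, user_pos, peers, k, l, max_area, min_sensitivity):
    """Return (region, peer_ids) on success or (None, []) if anonymization fails.

    k = first number (users), l = second number (distinct POIs).
    """
    region = leaf
    while region is not None and region.area() <= max_area:
        is_candidate = (region.contains(user_pos)
                        and len(region.pois) >= l
                        and region.sensitivity > min_sensitivity)
        if is_candidate:
            # Assumption: a peer shares the candidate region if it is inside it.
            group = sorted(pid for pid, pos in peers.items() if region.contains(pos))
            if len(group) >= k - 1:
                return region, group
        region = region.parent      # escalate to the region one level up
    return None, []


def pick_result(result_set, user_pos):
    """Client-side refinement: keep the result nearest to the real position."""
    return min(result_set, key=lambda r: (r["pos"][0] - user_pos[0]) ** 2
                                         + (r["pos"][1] - user_pos[1]) ** 2)


# Constructed hierarchy: city > district > block > leaf (one POI).
CITY = Region("city", (0, 0, 8, 8),
              frozenset("clinic pharmacy cafe bank school gym park mall".split()), 0.9)
DISTRICT = Region("district", (0, 0, 4, 4),
                  frozenset("clinic pharmacy cafe bank school gym".split()), 0.7, CITY)
BLOCK = Region("block", (0, 0, 2, 2),
               frozenset("clinic pharmacy cafe".split()), 0.2, DISTRICT)
LEAF = Region("clinic", (0, 0, 1, 1), frozenset(["clinic"]), 0.05, BLOCK)

USER = (0.5, 0.5)
PEERS = {"u2": (1.5, 1.5), "u3": (3.0, 3.0), "u4": (3.5, 0.5), "u5": (6.0, 6.0)}

if __name__ == "__main__":
    region, group = cloak(LEAF, USER, PEERS, k=3, l=3, max_area=16, min_sensitivity=0.5)
    print(region.name if region else None, group)
```

With the sample data the block has enough POIs but fails the sensitivity check, so the request is widened to the district; only the district's bounding box, never `USER`, would be sent to the service provider.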
In some optional implementations of this embodiment, the anonymous unit 502 in the user location information protection apparatus is further configured to: discover, by single-hop or multi-hop communication, neighbor users that have the same candidate anonymous region, forming a successfully anonymized anonymous group; broadcast a message that anonymization succeeded to all users in the anonymous group; the users in the anonymous group use the candidate anonymous region in place of their own real locations to initiate service requests to the service provider that provides services according to location, and after the service requests have been processed successfully, the anonymous group is dissolved.
In some optional implementations of this embodiment, the anonymous unit 502 in the user location information protection apparatus is further configured to: broadcast a node discovery message, the node discovery message including an anonymous group number, the candidate anonymous region, the number of anonymous group users, and the message broadcast hop count; receive response messages from neighbor users, each response message including the set of neighbor nodes that have the same candidate anonymous region; place the received set of neighbor nodes into the set of discovered nodes, and check whether the largest number of anonymous group users among all neighbor nodes in the set of neighbor nodes is greater than the number of anonymous group users in the node discovery message; if it is greater, update the number of anonymous group users in the node discovery message to the largest number of anonymous group users among the neighbor nodes; compare whether the number of discovered nodes has reached the largest number of anonymous group users among the neighbor nodes minus one; if it has, anonymization succeeds; if it has not, compare the set of neighbor nodes with the set of discovered nodes; if the two sets are the same, anonymization fails and a message that anonymization failed is sent within the anonymous group; if they differ, increase the message broadcast hop count by 1, continue broadcasting the node discovery message, and wait for responses.
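The discovery rounds described above, simulated over a small radio graph as an added example that is not code from the patent. Assumptions: every node relays the broadcast but only nodes with the same candidate region answer, and the "two sets are the same" test is read as "this round returned no node that was not already discovered"; node names, regions and per-node user counts are constructed.

```python
# Added illustration of the multi-hop neighbor discovery rounds.
# The graph and per-node requirements below are constructed sample data.
from collections import deque


def within_hops(adj, src, hops):
    """Nodes reachable from src in at most `hops` radio hops (src excluded)."""
    dist = {src: 0}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if dist[node] == hops:
            continue
        for nxt in adj[node]:
            if nxt not in dist:
                dist[nxt] = dist[node] + 1
                queue.append(nxt)
    del dist[src]
    return set(dist)


def discover(adj, nodes, initiator):
    """Run discovery rounds; return the outcome and the final message fields."""
    msg = {"group_id": "g-" + initiator,          # anonymous group number
           "region": nodes[initiator]["region"],  # candidate anonymous region
           "k": nodes[initiator]["k"],            # number of anonymous group users
           "hops": 1}                             # message broadcast hop count
    discovered = set()
    while True:
        # Responses: neighbors within the hop limit sharing the candidate region.
        responders = {n for n in within_hops(adj, initiator, msg["hops"])
                      if nodes[n]["region"] == msg["region"]}
        new_nodes = responders - discovered
        discovered |= responders
        # The strictest member requirement becomes the group's requirement.
        msg["k"] = max([msg["k"]] + [nodes[n]["k"] for n in responders])
        if len(discovered) >= msg["k"] - 1:
            return {"ok": True, "group": sorted(discovered | {initiator}), **msg}
        if not new_nodes:                         # nothing new: widening will not help
            return {"ok": False, "group": [], **msg}
        msg["hops"] += 1                          # widen the broadcast and retry


# Constructed topology: A-B-C in one direction, A-X-D in the other.
ADJ = {"A": ["B", "X"], "B": ["A", "C"], "C": ["B"], "X": ["A", "D"], "D": ["X"]}
NODES = {
    "A": {"region": "R7", "k": 3},
    "B": {"region": "R7", "k": 3},
    "C": {"region": "R7", "k": 4},   # stricter requirement raises the group's k
    "D": {"region": "R7", "k": 3},
    "X": {"region": "R2", "k": 3},   # different candidate region: relays, never joins
}

if __name__ == "__main__":
    print(discover(ADJ, NODES, "A"))
    strict = dict(NODES, A={"region": "R7", "k": 5})
    print(discover(ADJ, strict, "A"))
```

In the first run node C's higher user count raises the group requirement from 3 to 4 before success is declared, so no member ends up in a group smaller than it asked for.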
Referring now to FIG. 6, a schematic structural diagram is shown of a computer system 600 suitable for implementing a terminal device or server of the embodiments of the present application.
As shown in FIG. 6, the computer system 600 includes a central processing unit (CPU) 601, which can perform various appropriate actions and processes according to a program stored in a read-only memory (ROM) 602 or a program loaded from a storage portion 608 into a random access memory (RAM) 603. The RAM 603 also stores the various programs and data required for the operation of the system 600. The CPU 601, the ROM 602 and the RAM 603 are connected to one another through a bus 604. An input/output (I/O) interface 605 is also connected to the bus 604.
The following components are connected to the I/O interface 605: an input portion 606 including a keyboard, a mouse and the like; an output portion 607 including a liquid crystal display (LCD) or the like and a speaker or the like; a storage portion 608 including a hard disk or the like; and a communication portion 609 including a network interface card such as a LAN card or a modem. The communication portion 609 performs communication processing via a network such as the Internet. A drive 610 is also connected to the I/O interface 605 as needed. A removable medium 611, such as a magnetic disk, an optical disk, a magneto-optical disk or a semiconductor memory, is mounted on the drive 610 as needed, so that a computer program read from it can be installed into the storage portion 608 as needed.
In particular, according to an embodiment of the present disclosure, the processes described above with reference to the flowcharts may be implemented as a computer software program. For example, an embodiment of the present disclosure includes a computer program product comprising a computer program tangibly embodied on a machine-readable medium, the computer program containing program code for performing the method shown in the flowchart. In such an embodiment, the computer program can be downloaded and installed from a network through the communication portion 609, and/or installed from the removable medium 611. When the computer program is executed by the central processing unit (CPU) 601, the above-described functions defined in the method of the present application are performed.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in a flowchart or block diagram may represent a module, a program segment, or a portion of code, which contains one or more executable instructions for implementing the specified logical function. It should also be noted that in some alternative implementations, the functions noted in the blocks may occur in an order different from that noted in the figures. For example, two blocks shown in succession may in fact be executed substantially in parallel, and they may sometimes be executed in the reverse order, depending on the functionality involved. It should also be noted that each block of the block diagrams and/or flowcharts, and combinations of blocks in the block diagrams and/or flowcharts, can be implemented by a dedicated hardware-based system that performs the specified functions or operations, or by a combination of dedicated hardware and computer instructions.
The units described in the embodiments of the present application may be implemented in software or in hardware. The described units may also be provided in a processor; for example, a processor may be described as including an acquisition unit, an anonymous unit, a request unit and a selecting unit. The names of these units do not, in some cases, limit the units themselves; for example, the acquisition unit may also be described as "a unit that acquires a map and location information of a user terminal".
In another aspect, the present application further provides a non-volatile computer storage medium. The non-volatile computer storage medium may be the one included in the apparatus described in the foregoing embodiments, or it may exist separately without being assembled into a terminal. The non-volatile computer storage medium stores one or more programs which, when executed by a device, cause the device to: acquire a map and location information of a user terminal, wherein the map is divided into hierarchical regions and supports region indexing, a higher-level region covers multiple regions one level lower, and a lowest-level region contains one geographic information point; find, in the map, the smallest region that satisfies the following conditions as the anonymous region: the location of the user terminal lies within the region, the region includes at least a first number of users, the region includes at least a second number of distinct geographic information points, the area of the region does not exceed a preset area threshold, and the semantics of the region are secure, wherein the semantics of the region being secure means that the region hides the location information of the user terminal; send a service request to a service provider that provides services according to location, using the anonymous region in place of the real location of the user terminal; and select, from the set of service query results returned by the service provider for the geographic information points in the anonymous region, the service query result that matches the location information of the user terminal.
The above description is only a preferred embodiment of the present application and an explanation of the technical principles applied. Those skilled in the art should understand that the scope of the invention referred to in the present application is not limited to technical solutions formed by the specific combination of the above technical features, and should also cover other technical solutions formed by any combination of the above technical features or their equivalents without departing from the inventive concept, for example, technical solutions formed by replacing the above features with technical features having similar functions disclosed in (but not limited to) the present application.

Claims (14)

  1. A user location information protection method, characterized in that the method comprises:
    acquiring a map and location information of a user terminal, wherein the map is divided into hierarchical regions and supports region indexing, a higher-level region covers multiple regions one level lower, and a lowest-level region contains one geographic information point;
    finding, in the map, the smallest region that satisfies the following conditions as the anonymous region: the location of the user terminal lies within the region, the region includes at least a first number of users, the region includes at least a second number of distinct geographic information points, the area of the region does not exceed a preset area threshold, and the semantics of the region are secure, wherein the semantics of the region being secure means that the region hides the location information of the user terminal;
    sending a service request to a service provider that provides services according to location, using the anonymous region in place of the real location of the user terminal;
    selecting, from the set of service query results returned by the service provider that provides services according to location for the geographic information points in the anonymous region, the service query result that matches the location information of the user terminal.
  2. The user location information protection method according to claim 1, characterized in that the method further comprises preprocessing the map, including:
    covering each geographic information point in the map with a minimum bounding rectangle, calculating the Hilbert value of the center of each minimum bounding rectangle as the Hilbert value of that minimum bounding rectangle, and using the Hilbert values to construct a Hilbert R-tree over the map;
    obtaining, from a third-party data source, one or more tags describing the place features of the region contained in each minimum bounding rectangle of the Hilbert R-tree, to represent the location category of the region;
    calculating, for the region contained in each minimum bounding rectangle of the Hilbert R-tree, the region sensitivity with respect to each location category;
    storing the region sensitivity in the corresponding leaf node of the Hilbert R-tree;
    wherein the calculation of the region sensitivity includes:
    placing all tags in the region that are related to the location category into a tag set;
    using conditional entropy to calculate the contribution of any single tag or combination of tags in the tag set to determining the location category;
    calculating the probability that all locations in the region have any single tag or combination of tags in the tag set;
    combining the contribution and the probability to obtain the uncertainty, with respect to the location category, of any single tag or combination of tags in the tag set in the region;
    taking the smallest uncertainty value as the region sensitivity of the region with respect to the location category.
  3. The user location information protection method according to claim 2, characterized in that the semantics of the region are secure when the region sensitivity is greater than a preset region sensitivity threshold.
  4. The user location information protection method according to claim 1, characterized in that finding, in the map, a region that satisfies the following conditions as a candidate anonymous region: the location of the user terminal lies within the region, the region includes at least a first number of users, the region includes at least a second number of distinct geographic information points, the area of the region does not exceed a preset area threshold, and the semantics of the region are secure, comprises:
    finding, in the map, a region that satisfies the following conditions as a candidate anonymous region: the location of the user terminal lies within the region, the region includes at least a second number of distinct geographic information points, the area of the region does not exceed a preset area threshold, and the semantics of the region are secure;
    searching near the location of the user terminal for the first number minus one users that have the same anonymous region as the candidate anonymous region; if they are found, anonymization succeeds and the candidate anonymous region is the final anonymous region;
    if they are not found, selecting the region one level above the candidate region as the new candidate region and repeating the discovery of the first number minus one neighbor users, until anonymization succeeds or the area of the candidate anonymous region reaches the preset area threshold.
  5. The user location information protection method according to claim 4, characterized in that searching near the location of the user terminal for the first number minus one users that have the same anonymous region as the candidate anonymous region comprises:
    discovering, by single-hop or multi-hop communication, neighbor users that have the same candidate anonymous region, forming a successfully anonymized anonymous group;
    broadcasting a message that anonymization succeeded to all users in the anonymous group;
    the users in the anonymous group using the candidate anonymous region in place of their own real locations to initiate service requests to the service provider that provides services according to location, the anonymous group being dissolved after the service requests have been processed successfully.
  6. The user location information protection method according to claim 5, characterized in that discovering, by single-hop or multi-hop communication, neighbor users that have the same candidate anonymous region, forming a successfully anonymized anonymous group, comprises:
    broadcasting a node discovery message, the node discovery message including: an anonymous group number, the candidate anonymous region, the number of anonymous group users, and the message broadcast hop count;
    receiving response messages from neighbor users, each response message including: the set of neighbor nodes that have the same candidate anonymous region;
    placing the received set of neighbor nodes into the set of discovered nodes, and checking whether the largest number of anonymous group users among all neighbor nodes in the set of neighbor nodes is greater than the number of anonymous group users in the node discovery message; if it is greater, updating the number of anonymous group users in the node discovery message to the largest number of anonymous group users among the neighbor nodes;
    comparing whether the number of discovered nodes has reached the largest number of anonymous group users among the neighbor nodes minus one; if it has, anonymization succeeds;
    if it has not, comparing the set of neighbor nodes with the set of discovered nodes; if the two sets are the same, anonymization fails and a message that anonymization failed is sent within the anonymous group; if they differ, increasing the message broadcast hop count by 1, continuing to broadcast the node discovery message, and waiting for responses.
  7. A user location information protection apparatus, characterized in that the apparatus comprises:
    an acquisition unit configured to acquire a map and location information of a user terminal, wherein the map is divided into hierarchical regions and supports region indexing, a higher-level region covers multiple regions one level lower, and a lowest-level region contains one geographic information point;
    an anonymous unit configured to find, in the map, the smallest region that satisfies the following conditions as the anonymous region: the location of the user terminal lies within the region, the region includes at least a first number of users, the region includes at least a second number of distinct geographic information points, the area of the region does not exceed a preset area threshold, and the semantics of the region are secure, wherein the semantics of the region being secure means that an attacker cannot infer the user's personal information from the location information of the user terminal;
    a request unit configured to send a service request to a service provider that provides services according to location, using the anonymous region in place of the real location of the user terminal;
    a selecting unit configured to select, from the set of service query results returned by the service provider that provides services according to location for the geographic information points in the anonymous region, the service query result that matches the location information of the user terminal.
  8. The user location information protection apparatus according to claim 7, characterized in that the apparatus further comprises a map preprocessing unit configured to:
    cover each geographic information point in the map with a minimum bounding rectangle, calculate the Hilbert value of the center of each minimum bounding rectangle as the Hilbert value of that minimum bounding rectangle, and use the Hilbert values to construct a Hilbert R-tree over the map;
    obtain, from a third-party data source, one or more tags describing the place features of the region contained in each minimum bounding rectangle of the Hilbert R-tree, to represent the location category of the region;
    calculate, for the region contained in each minimum bounding rectangle of the Hilbert R-tree, the region sensitivity with respect to each location category;
    store the region sensitivity in the corresponding leaf node of the Hilbert R-tree;
    wherein the calculation of the region sensitivity includes:
    placing all tags in the region that are related to the location category into a tag set;
    using conditional entropy to calculate the contribution of any single tag or combination of tags in the tag set to determining the location category;
    calculating the probability that all locations in the region have any single tag or combination of tags in the tag set;
    combining the contribution and the probability to obtain the uncertainty, with respect to the location category, of any single tag or combination of tags in the tag set in the region;
    taking the smallest uncertainty value as the region sensitivity of the region with respect to the location category.
  9. The user location information protection apparatus according to claim 8, characterized in that the semantics of the region are secure when the region sensitivity is greater than a preset region sensitivity threshold.
  10. The user location information protection apparatus according to claim 7, characterized in that the anonymous unit is further configured to:
    find, in the map, a region that satisfies the following conditions as a candidate anonymous region: the location of the user terminal lies within the region, the region includes at least a second number of distinct geographic information points, the area of the region does not exceed a preset area threshold, and the semantics of the region are secure;
    search near the location of the user terminal for the first number minus one users that have the same anonymous region as the candidate anonymous region; if they are found, anonymization succeeds and the candidate anonymous region is the final anonymous region;
    if they are not found, select the region one level above the candidate region as the new candidate region and repeat the discovery of the first number minus one neighbor users, until anonymization succeeds or the area of the candidate anonymous region reaches the preset area threshold.
  11. The user location information protection apparatus according to claim 10, characterized in that the anonymous unit is further configured to:
    discover, by single-hop or multi-hop communication, neighbor users that have the same candidate anonymous region, forming a successfully anonymized anonymous group;
    broadcast a message that anonymization succeeded to all users in the anonymous group;
    the users in the anonymous group using the candidate anonymous region in place of their own real locations to initiate service requests to the service provider that provides services according to location, the anonymous group being dissolved after the service requests have been processed successfully.
  12. The user location information protection apparatus according to claim 11, characterized in that the anonymous unit is further configured to:
    broadcast a node discovery message, the node discovery message including: an anonymous group number, the candidate anonymous region, the number of anonymous group users, and the message broadcast hop count;
    receive response messages from neighbor users, each response message including: the set of neighbor nodes that have the same candidate anonymous region;
    place the received set of neighbor nodes into the set of discovered nodes, and check whether the largest number of anonymous group users among all neighbor nodes in the set of neighbor nodes is greater than the number of anonymous group users in the node discovery message; if it is greater, update the number of anonymous group users in the node discovery message to the largest number of anonymous group users among the neighbor nodes;
    compare whether the number of discovered nodes has reached the largest number of anonymous group users among the neighbor nodes minus one; if it has, anonymization succeeds;
    if it has not, compare the set of neighbor nodes with the set of discovered nodes; if the two sets are the same, anonymization fails and a message that anonymization failed is sent within the anonymous group; if they differ, increase the message broadcast hop count by 1, continue broadcasting the node discovery message, and wait for responses.
  13. A device, comprising:
    a processor; and
    a memory,
    the memory storing computer-readable instructions executable by the processor, wherein when the computer-readable instructions are executed, the processor performs the method according to any one of claims 1-6.
  14. A non-volatile computer storage medium storing computer-readable instructions executable by a processor, wherein when the computer-readable instructions are executed by the processor, the processor performs the method according to any one of claims 1-6.
PCT/CN2017/081198 2016-05-10 2017-04-20 Method and device for protecting user location information WO2017193783A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610305989.6A CN107360121B (en) 2016-05-10 2016-05-10 Customer position information guard method and device
CN201610305989.6 2016-05-10

Publications (1)

Publication Number Publication Date
WO2017193783A1 true WO2017193783A1 (en) 2017-11-16

Family

ID=60267206

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/081198 WO2017193783A1 (en) 2016-05-10 2017-04-20 Method and device for protecting user location information

Country Status (2)

Country Link
CN (1) CN107360121B (en)
WO (1) WO2017193783A1 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109067750A (en) * 2018-08-14 2018-12-21 中国科学院信息工程研究所 A kind of location privacy protection method and device based on anonymity
CN111385317A (en) * 2018-12-27 2020-07-07 华为技术有限公司 Data transmission method, device and system
CN112257109A (en) * 2020-10-30 2021-01-22 西安易朴通讯技术有限公司 Data processing method and device
CN112866992A (en) * 2021-01-22 2021-05-28 湖南大学 Position privacy protection method and system
CN113672975A (en) * 2021-08-03 2021-11-19 支付宝(杭州)信息技术有限公司 Privacy protection method and device for user track
CN115200603A (en) * 2022-09-13 2022-10-18 哈尔滨工业大学(深圳)(哈尔滨工业大学深圳科技创新研究院) Navigation service privacy protection method and device based on homomorphic encryption and anonymous camouflage
CN116015814A (en) * 2022-12-19 2023-04-25 武汉大学 K anonymous geographic position privacy protection method, system and electronic equipment

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111694919B (en) * 2020-06-12 2023-07-25 北京百度网讯科技有限公司 Method, device, electronic equipment and computer readable storage medium for generating information
CN112784161B (en) * 2021-01-29 2022-12-09 北京三快在线科技有限公司 Information processing method, device, medium and electronic device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060274759A1 (en) * 2005-06-02 2006-12-07 Masahiro Maeda Method and system for SIP-based mobility management
CN104080081A (en) * 2014-06-16 2014-10-01 北京大学 Space anonymization method suitable for mobile terminal position privacy protection
CN104394509A (en) * 2014-11-21 2015-03-04 西安交通大学 High-efficiency difference disturbance location privacy protection system and method
CN104618896A (en) * 2015-01-07 2015-05-13 上海交通大学 Method and system for protecting location service privacy based on grid density

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
HOU, JIE: "Research on Location Semantics based Privacy-Preserving Technology for Location-based Services", CHINA MASTER THESES FULL-TEXT DATABASE, 15 February 2016 (2016-02-15), ISSN: 1674-0246 *

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109067750A (en) * 2018-08-14 2018-12-21 中国科学院信息工程研究所 A kind of location privacy protection method and device based on anonymity
CN109067750B (en) * 2018-08-14 2020-12-29 中国科学院信息工程研究所 Location privacy protection method and device based on anonymity
CN111385317A (en) * 2018-12-27 2020-07-07 华为技术有限公司 Data transmission method, device and system
CN111385317B (en) * 2018-12-27 2021-09-07 华为技术有限公司 Data transmission method, device and system
CN112257109A (en) * 2020-10-30 2021-01-22 西安易朴通讯技术有限公司 Data processing method and device
CN112257109B (en) * 2020-10-30 2023-04-07 西安易朴通讯技术有限公司 Data processing method and device
CN112866992A (en) * 2021-01-22 2021-05-28 湖南大学 Position privacy protection method and system
CN113672975A (en) * 2021-08-03 2021-11-19 支付宝(杭州)信息技术有限公司 Privacy protection method and device for user track
CN115200603A (en) * 2022-09-13 2022-10-18 哈尔滨工业大学(深圳)(哈尔滨工业大学深圳科技创新研究院) Navigation service privacy protection method and device based on homomorphic encryption and anonymous camouflage
CN115200603B (en) * 2022-09-13 2023-01-31 哈尔滨工业大学(深圳)(哈尔滨工业大学深圳科技创新研究院) Navigation service privacy protection method and device based on homomorphic encryption and anonymous camouflage
CN116015814A (en) * 2022-12-19 2023-04-25 武汉大学 K anonymous geographic position privacy protection method, system and electronic equipment
CN116015814B (en) * 2022-12-19 2024-04-05 武汉大学 K anonymous geographic position privacy protection method, system and electronic equipment

Also Published As

Publication number Publication date
CN107360121A (en) 2017-11-17
CN107360121B (en) 2019-06-04

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17795401

Country of ref document: EP

Kind code of ref document: A1

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205 DATED 18/02/2019)

122 Ep: pct application non-entry in european phase

Ref document number: 17795401

Country of ref document: EP

Kind code of ref document: A1